Introduction
Roles can be associated with any number of functions. The security checks themselves are implemented on each view individually.
Each view has a ‘security’ custom property that is built from the user’s roles and the functions those roles are able to perform. The asset editor, for example, looks at the configureAssets function and the assets included with it. These are the assets that the user has clearance to configure. In this case, the user can configure Kanoa Industries\NewSite and any child assets under it.
The second part of the security check is another custom property called userAction.
Because security is asset-based, the binding on ‘userAction’ fires whenever the selected asset changes. Here we’ve selected the NewSite asset, and the fields in the editor are enabled. To restrict parts of a view, bindings are configured to check against the corresponding fields of the userAction property. In this case, each input field has its ‘enabled’ property bound to userAction’s canUpdate.
Now we select Jacksonville Juices, an asset that is not included under our configureAssets function. The input fields are all disabled, and some action buttons on the far left do not appear.
In summary, security is implemented on each view individually, following this common pattern. Each view generates the user’s security information, along with the assets allowed for each role function. Views then restrict certain actions based on the user’s security information and the selected asset. Users with the gatewayAdmin role bypass these checks and are allowed to perform any action.
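The check described above, written out as an added example that is not Kanoa's own code: it derives a userAction object for one function and the selected asset. The layout of the 'security' object, the role name siteEngineer and the canCreate/canDelete fields are assumptions; matching is done on whole path segments, so a grant on NewSite covers its children but not a parent or a similarly named sibling.

```python
# Added example: the shapes of `security` and `userAction` used here are
# assumptions for illustration, not Kanoa's actual property schema.
SEP = "\\"  # asset paths on this page are written Kanoa Industries\NewSite
ADMIN_ROLE = "gatewayAdmin"


def covers(granted, selected):
    """True if `selected` is the granted asset itself or one of its children.

    Whole path segments are compared, so a grant on NewSite does not also
    match a sibling asset named NewSite2.
    """
    g = [p for p in granted.split(SEP) if p]
    s = [p for p in selected.split(SEP) if p]
    return bool(g) and s[:len(g)] == g


def user_action(security, function, selected_asset):
    """Build the userAction object for one function and the selected asset."""
    if ADMIN_ROLE in security.get("roles", []):
        allowed = True      # gatewayAdmin bypasses the per-asset checks
    elif not selected_asset:
        allowed = False     # nothing selected: fail closed
    else:
        grants = security.get("functions", {}).get(function, [])
        allowed = any(covers(g, selected_asset) for g in grants)
    # canUpdate is the field named on this page; the other two are assumed.
    return {"canCreate": allowed, "canUpdate": allowed, "canDelete": allowed}


# Constructed sample data mirroring the walkthrough above.
SECURITY = {
    "roles": ["siteEngineer"],  # hypothetical role name
    "functions": {"configureAssets": ["Kanoa Industries\\NewSite"]},
}

if __name__ == "__main__":
    for asset in ("Kanoa Industries\\NewSite",
                  "Kanoa Industries\\NewSite\\Line 1",   # constructed child
                  "Kanoa Industries\\NewSite2",          # constructed sibling
                  "Kanoa Industries\\Jacksonville Juices"):
        print(asset, user_action(SECURITY, "configureAssets", asset))
```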
In the following sections, each security function will be broadly explained, followed by the specific views that the function pertains to.
Functions Overview
In this section, each security function is summarized and its main functionality explained. The specific views that check against each function are listed in the “Function Views Glossary” section later on.
Configure Security
Configuring security pertains to everything associated with the security table view.
Users with a role that comes with the Configure Security function may create, edit and delete users in the “Users” tab.
The “Roles” tab is viewable by anyone, but only editable by users with the “Gateway Admin” role.
The “Configuration” tab is only viewable and editable by users with the “Gateway Admin” role.
Configure Assets
Assets are an essential part of MES, so many views apart from the main asset editor view check against the “Configure Assets” function.
The asset editor is the main view where asset configuration most directly happens. Users with the “Configure Assets” function may create, edit, and delete assets, for all allowed assets and their child assets. Assets that are not included in the user’s permissions are still viewable, but changes cannot be made to them.
This is the primary functionality of ‘Configure Assets’, but this function is also used throughout various other asset-related views.
Configure Items
Items are sometimes asset-independent, so item configuring doesn’t always check against a selected asset. As long as a user has “Configure Items” as one of their role functions, they will be able to perform any action within this view, which includes adding, editing, and deleting in any of the three tabs.
Item state configuration is also checked against “Configure Items”, allowing full permissions if the user has the function enabled for them. Item state link configuration is instead checked against “Configure Assets”.
Operate Assets
As the name suggests, “Operate Assets” is the function that determines whether users can perform operations on an asset. This includes actions like starting a run, scheduling an operation, and editing downtime states. Security checks against the selected asset to determine whether the action is permitted.
Configure Quality
“Configure Quality” is the general function that security is checked against for any of the QDS-related views, such as the Check Sheet Editor or the Attributes Editor.
Check sheets are not asset-specific, so the user may create, edit, and delete check sheets as long as any of their roles has the “Configure Quality” function.
Attributes themselves are not asset-specific, but assigning attribute details is.
Enter Checks
This function directly pertains to entering checks into a check sheet.
Approve Checks
Users with the ‘Approve Checks’ function may approve check sheets.
Schedule Shifts
Users with the ‘Schedule Shifts’ function may schedule shifts for an asset.
Users with the function may create, edit, and delete shifts.
Schedule Operations
Users with the ‘Schedule Operations’ function may schedule operations for an asset.
Users with the function may create, edit, and delete events.
Function Views Glossary
This glossary lists, for each security function, all views that check against it.
Configure Security
Users
kanoa/core/config/security/securityTable
Edit User
kanoa/core/config/security/embedded/userEdit
Configure Assets
Lot Configuration
kanoa/mes/config/lots/lotConfiguration
This view is an example of one view having several different ‘userAction’ objects, since the logic and bindings may differ.
Dynamic Attributes
kanoa/mes/config/attributes/attributes
Dynamic Attribute Detail Editor
kanoa/mes/config/attributes/attributeDetailsEditor
Item States
kanoa/mes/config/itemStates/itemStateConfiguration
Assets
kanoa/mes/config/assets/assetTreeEditor
Configure Items
Materials
- kanoa/mes/config/items/itemManager
- kanoa/mes/config/items/inputMaterials
- kanoa/mes/config/items/itemRates
Item States
- kanoa/mes/config/itemStates/itemStateConfiguration
Operate Assets
- kanoa/core/dbp/dashboards/folderEditor
- kanoa/core/dbp/dashboards/dashboardEditor
- kanoa/core/dbp/marquee/themeSelector
- kanoa/core/dbp/marquee/marqueeSelector
- kanoa/core/dbp/marquee/marqueeDashboardTable
- kanoa/core/dbp/marquee/marqueeTable
- kanoa/mes/asset/operation/evRunControl
- kanoa/mes/asset/operation/stationPanel
- kanoa/mes/asset/operation/assetOperationPanel
Configure Quality
- kanoa/core/config/alertGroupEditor
- kanoa/core/images/imageMain
- kanoa/qds/config/attributes/attributeDetailsEditor
- kanoa/qds/config/attributes/attributes
- kanoa/qds/config/checks/chkShtEditor
- kanoa/qds/config/checks/chkShtTable
- kanoa/qds/config/itemSets/itemSetsMain
- kanoa/qds/images/imageMain
- kanoa/qds/mobile/chkShtEvent/editor/root/…/btnLock
- kanoa/qds/mobile/schedule/chkSchedule
- kanoa/qds/qdsDashboard
- kanoa/qds/schedule/chkShtEventEditor/root/…btnEditMode and btnLock
- kanoa/qds/templates/selectors/engUnitSelector
Enter Checks
- kanoa/qds/config/checks/chkShtEditor
- kanoa/qds/mobile/chkShtEvent/editor
- kanoa/qds/schedule/chkShtEventEditor
- kanoa/qds/schedule/chkShtEvents
Approve Checks
- kanoa/qds/schedule/chkShtEventEditor/…btnApprove
Schedule Shifts
- kanoa/scheduler/shifts
Schedule Operations
- kanoa/scheduler/operations