ManagingEnergy includes features to assign privileges to individual users at a granular level.
At setup (or when updated by a user with adequate privileges), a user is assigned one or more roles corresponding as closely as possible to job duties. The roles answer the question "What does this user need to do with the data ?"
Each role assignment is within a context, either Data Source, Portfolio, or Facility. The context of the role stipulates the data scope within which the user will be able to perform the role-based actions. Suppose the user is assigned the Accountant role. Maybe she only deals with a particular corporate division, in which case the context would be for that division only rather than the entire building portfolio.
Where a role context is not specified, it is assumed to be global.
Application domains are the basic blocks of application functionality that are used to define Roles. For ease of understanding they have been defined around system objects, but this is not a hard limitation. It is expected that the list of domains will change slowly over time, and that role definitions will be modified to follow.
Each role is defined as a list of privileges applied against one or more application domains. For any particular application domain, a role can include the ability to Create, Read, Modify, and/or Delete objects within the domain.
A sample role definition for the Accountant role is shown below: