The number of users or seats is not limited with a ManagingEnergy subscription. The Subscription Manager within the subscribing organization can set up a new user, or change the level and extent of any user's access to the system. The user interface is security-trimmed so that each user can be set up to see only those parts of the system relevant to his/her job. Some users will only view reports and dashboards, others will enter billing data, others will use the analytical features.
ManagingEnergy provides a sophisticated way to restrict user access and functionality.
|
Security Domains
Security Domains are areas of ManagingEnergy functionality which can be either allowed or denied to a user. Can the user access the Opportunities Tab within the Conservation & Renewal Module? Can s/he modify Roles, create a new User, delete a Facility, or reset the Baseline under Advanced Analysis? The ability to perform any of these operations depends on the user having adequate Permissions within a particular Security Domain.
The job of assigning specific Security Domain permissions to individual users would be very tedious and prone to mistakes. Roles, which are pre-defined sets of Security Domain permissions, make the job much easier.
Roles are named and defined in plain language, in a way that they are easily understood. A Utility Invoice Clerk would have the ability to view account details and to add or modify utility invoice records, but not to see equipment and opportunity details or perform any analysis. A Top Executive would be able to view dashboards and print high-level performance reports, but could be limited to not have access to meter readings, invoice details, or buildings systems. Within either of these role definitions, the underlying matrix of Security Domains and Permissions is quite elaborate. However once the Roles are properly defined and tested, any number of users can be assigned to each role without having to go through the details again.
Once the Roles are properly defined and tested, any number of Role Assignments can be made to any number of Users without having to go through the details again. In addition, a change in the Role definition will immediately change the security privileges of all users assigned the Role. Users will often be assigned more than one Role.
|
ManagingEnergy provides a set of Standard Roles, enough for most users. If you find you need another role for your particular situation, and are intimidated by the setup process, contact the Help Desk for assistance.
Security in Operation
Any system object is a member of a Security Domain. When a User tries to access an object within the system (Read it, Modify it, Create a new one, or Delete it), ManagingEnergy first checks to see that the User has the required Permission within the applicable Security Domain. If not, the operation is denied. If the answer is Yes, ManagingEnergy then checks whether the Permission applies for the Data Context that they are trying to access. If that check also passes, the operation is allowed to proceed.
Related Topics