Configuring plant level onboarding for SDx Users - Intergraph Smart Cloud - Help - Hexagon

Intergraph Smart Cloud Help
Language
English
Product
Intergraph Smart Cloud
Search by Category
Help

You can restrict user access to specific plants in a site. For example, in case Site2 has 2 plants, Plant 1 and Plant 2, and you want a user XYZ to have access to Plant 2 only, then you must do the following settings in the SPF Role Matrix screen:

Configure SPF Role Matrix

  1. In the Configure SPF Role Matrix screen, select Plant 1 and ensure the following:

    • Clear mapping for SDX Administrator row (SPF Role Name column) against SDX Administrator column (Smart Cloud role).

      Configure SPF ROle Mantrix - 2

  2. In the Configure SPF Role Matrix screen, select Plant 2 and ensure the following:

    • Select Mapped against SDX Administrator row/SPF Role Name column and SDX Administrator column (Smart Cloud role).

      Configure SPF Role Matrix 3

  3. Click Save.

    This configuration ensures that any user that is created in Smart Cloud with the role SDX Administrator for HxGN SDx Operations product is assigned access to Plant 2 only.

  4. Create a user and assign SDX Administrator role against HxGN SDx Operations product.

    Configure SPF Role Matrix 4

    The user has access to Plant 2 only. When the user connects to SDx, only Plant 2 is displayed.

    Configure SPF Role Matrix 5

Settings for users onboarded using Customer IDP feature

If you are using Customer IDP feature to onboard multiple users to Smart Cloud, the Customer Administrator (CA) must do the following:

  • Create a user group in Azure AD if:

    • multiple users need access to a plant

      Or

    • user/s need access to multiple plants.

  • To grant access to a user group for a particular role,

    • Navigate to Estate > Customer Security Groups.

    • Enter the user group name (created for the users requiring access to a plant/s) in the Customer Security Group Name field against Role Name SDx Administrator.

      Configure SPF Role Matrix

In case you are using Customer IDP feature to assign user groups access to plants, then

  • You must map the User Group to the Role Name.

  • All the users that are part of the user group get access to the plants that are mapped in the Role Matrix screen.

  • One Role Name can be mapped to only one user group.

  • Example 1:

    • Users A, B, C are part of a user group User Group 1 and there are 3 plants; Plant 1, Plant 2, and Plant 3.

    • Plant 2 and Plant 3 have been mapped to the Role Name SDx Administrator in the SPF Map Role Matrix screen:

    • If, User Group 1 is mapped to Role Name SDX Administrator then all users A, B, and C get access to Plant 2 and Plant 3.

  • Example 2:

    • User A is part of User Group 1; User B is part of User Group 2 and there are 3 plants; Plant 1, Plant 2, and Plant 3.

    • Plant 1 has been mapped to the Role Name SDx Administrator in the SPF Map Role Matrix screen and hence User A is gets access to Plant 1.

    • Now, granting User B access to Plant 3 for the Role Name SDx Administrator is not possible as the Role Name SDx Administrator has already been mapped to User Group 1.

      Only one User Group can be assigned to one Role Name.