You can restrict user access to specific plants in a site. For example, in case Site2 has 2 plants, Plant 1 and Plant 2, and you want a user XYZ to have access to Plant 2 only, then you must do the following settings in the SPF Role Matrix screen:
-
In the Configure SPF Role Matrix screen, select Plant 1 and ensure the following:
-
Clear mapping for SDX Administrator row (SPF Role Name column) against SDX Administrator column (Smart Cloud role).
-
-
In the Configure SPF Role Matrix screen, select Plant 2 and ensure the following:
-
Select Mapped against SDX Administrator row/SPF Role Name column and SDX Administrator column (Smart Cloud role).
-
-
Click Save.
This configuration ensures that any user that is created in Smart Cloud with the role SDX Administrator for HxGN SDx Operations product is assigned access to Plant 2 only.
-
Create a user and assign SDX Administrator role against HxGN SDx Operations product.
The user has access to Plant 2 only. When the user connects to SDx, only Plant 2 is displayed.
Settings for users onboarded using Customer IDP feature
If you are using Customer IDP feature to onboard multiple users to Smart Cloud, the Customer Administrator (CA) must do the following:
-
Create a user group in Azure AD if:
-
multiple users need access to a plant
Or
-
user/s need access to multiple plants.
-
-
To grant access to a user group for a particular role,
-
Navigate to Estate > Customer Security Groups.
-
Enter the user group name (created for the users requiring access to a plant/s) in the Customer Security Group Name field against Role Name SDx Administrator.
-
In case you are using Customer IDP feature to assign user groups access to plants, then
-
You must map the User Group to the Role Name.
-
All the users that are part of the user group get access to the plants that are mapped in the Role Matrix screen.
-
One Role Name can be mapped to only one user group.
-
Example 1:
-
Users A, B, C are part of a user group User Group 1 and there are 3 plants; Plant 1, Plant 2, and Plant 3.
-
Plant 2 and Plant 3 have been mapped to the Role Name SDx Administrator in the SPF Map Role Matrix screen:
-
If, User Group 1 is mapped to Role Name SDX Administrator then all users A, B, and C get access to Plant 2 and Plant 3.
-
-
Example 2:
-
User A is part of User Group 1; User B is part of User Group 2 and there are 3 plants; Plant 1, Plant 2, and Plant 3.
-
Plant 1 has been mapped to the Role Name SDx Administrator in the SPF Map Role Matrix screen and hence User A is gets access to Plant 1.
-
Now, granting User B access to Plant 3 for the Role Name SDx Administrator is not possible as the Role Name SDx Administrator has already been mapped to User Group 1.
Only one User Group can be assigned to one Role Name.
-