User Groups Overview
- 20 Feb 2024
- 12 読む分
- 印刷する
- 闇光
User Groups Overview
- 更新日 20 Feb 2024
- 12 読む分
- 印刷する
- 闇光
The content is currently unavailable in Ja - 日本語. You are viewing the default English version.
記事の要約
この要約は役に立ちましたか?
ご意見ありがとうございます
This article covers the following topics:
What are User Groups?
In the Tempo Manufacturing Cloud, User Groups are groups of individual users who belong to the same team, assignment, site, or other defining aspect within their organization. User Groups are used to organize users and their security permissions within the platform. The capabilities a user has access to is determined by the User Group(s) they belong to.
NOTES:
- More than one group can be assigned to a user. When multiple groups are assigned, the user inherits all of the permissions attached to roles within each group.
- For example, a group with the Executive role has read access to all templates, among other permissions. A group with the Content Creator role can assign any template that they can access, among other permissions. If both of these groups are assigned to a single user, the user has the ability to assign all templates.
What are Group Permissions?
When an administrator creates a new User Group, security permissions must be associated with the group. Group permissions determine the type of security access a user has when interacting with the system.
When creating a new group, the admin must determine which role(s) will be assigned to it. After roles are assigned, members of the group then inherit all system permissions attached to the role(s). More than one role can be assigned to the group at a time. For more information on role descriptions, refer to the Role(s) section below.
Accessing User Groups and Permissions
From the left navigation panel, click settings Platform > User Groups. A list of configured User Groups in your organization displays.
From this list, users can access the following functions:
- View, search, create, edit, and deactivate User Groups
- Customize filter views to fit display preferences
- Click Columns to select which group columns to display in the list.
- Columns reflect specific information stored about a group within the system, including information such as Group Name, Group Type, Users and more.
- Click filter_list Filter next to a column of your choice, then select a filter criteria and enter a term in the search bar.
- Click Reset Filters to reset the filter view.
- Export the current list view to a CSV file
- Click more_vert More Options > Export current view to CSV to download a CSV file of User Groups based on the current view of the list.
Group Info tab
The Group Info tab allows an admin to enter basic information about the group such as its name and Group Type.
Group Types
When configuring groups, the admin decides which Group Type best fits their organization and/or use case. Group Types are used as a label for the group, which helps organize and identify the types of groups in the system. While there are several Group Types to choose from, most are used interchangeably.
NOTE:
Group Types do not affect any user permissions or system functionalities. Group Types are used for organizational purposes only.
| Group Type | Description |
|---|---|
| Location | Used interchangeably with Site; Can be applied across multiple groups |
| General Team | General group of users who work together often; Can be applied across multiple groups |
| Business Division | Includes all users across a single department regardless of location; Users may not always work together often |
| Country | Users grouped based on geographical location; Can be applied across multiple groups |
| Site | Used interchangeably with Location; Can be applied across multiple groups |
| Department | Used interchangeably with Business Divison |
| Project | Related to vendor or client use cases; Used interchangeably with Vendor or Client |
| Shift | Used to group users who work together during the same time of day (day or night shift) |
| Client | Used for vendors (CMO, CRO, etc.) leveraging Tempo to group together teams they are manufacturing for |
| Vendor | Used to group together members of an external vendor |
| SME (Subject Matter Expert) | Used for SME teams leveraging Tempo; Typically reserved for users assisting headset operators |
| QA (Quality Assurance) | Used for QA teams leveraging Tempo for internal collaboration |
Users tab
The Users tab allows an admin to search or filter for registered users in your organization to add to the group. More than one user can be selected at a time.
NOTE:
If a user does not display in the list, their account may not be added to the system yet. For more information on creating a new user account, refer to the Creating, Editing & Deactivating a User Account article.
Group Permissions tab
The Group Permissions tab allows an admin to select roles for the group, which determines the effective permissions that will be applied to all group members.
The admin is responsible for selecting roles based on the permissions that the group needs to fulfill their job functions within their organization.
The Group Permissions tab includes the following sections:
- Role(s): Allows the admin to assign one or more roles to a group
- Effective Permissions: Provides a preview of the permissions that the group will have based on the assigned roles
Role(s)
Roles in the Tempo Manufacturing Cloud are based on a CRUDA (Create, Read, Update, Delete, and Assign) model of operations. This means that each role that is assigned to a group determines specific create, read, update, delete, or assign permissions for members of the group.
For a complete overview of platform, Tempo, and Tandem permissions that are associated with each role, select a role from the Role(s) dropdown menu. The Effective Permissions table displays green checkmarks next to each accessible permission. However, these permissions are subject to change for specific objects if the user is assigned to those objects in a certain capacity. The Procedure, Batch, and Exception Permissions section outlines the default set of permissions for each role as well as defines the basic rules on how these permissions can change.
NOTES:
- More than one role can be applied to a group. When multiple roles are applied, the group inherits all of the permissions attached to each role, as long as the group does not include the Tandem External role.
- For example, a group with the Executive role has read access to all templates, among other permissions. A group with the Content Creator role can assign any template that they can access, among other permissions. If both of these roles are included in the same group, users in this group have the ability to assign all templates.
- The Tandem External role overrides any other role-based permissions within the same group. If the Tandem External role is included in a group, it will prevent all users within that group from accessing additional system functionality.
- To assign the Tandem External role as well as other roles to a user, create a separate group for the Tandem External role. Then, assign that group to the user, as well as any other group(s) containing roles that the user should have.
- Certain additional system responsibilities (e.g., procedure review, procedure approval, etc.) can be assigned to individuals or groups from other areas of the system. When assigned, these responsibilities are in addition to the assigned group permissions for that individual or team.
- The ability to approve a procedure template, batch template, or batch parameter group is managed and can be assigned at the template or run level. These abilities are not connected to the Group Permissions tab.
- For example, a group with the Executive role has read access to all templates, among other permissions. A group with the Content Creator role can assign any template that they can access, among other permissions. If both of these are assigned to a single user, the user has the ability to assign all templates.
| Role | Description |
|---|---|
| Business Admin | Intended for Tandem admins only; Manages user and group accounts |
| Content Creator | Users who create master data in the system such as batch/procedure templates (e.g., technical writer) |
| Executive | Read-only user that can view manufacturing operations but is not responsible for performing tasks (e.g., product owner or leader) |
| Operative | Users who execute workflows (e.g., procedures and batches) and perform operational tasks |
| Quality | Users who review manufacturing operations work and approve manufacturing workflows (e.g., exceptions, runs, templates) |
| Site Admin - Integration | Administrative users who can access, configure, and troubleshoot Tempo integrations with external systems (e.g., automation engineer) |
| Supervisory | Users who perform operational and supervisory tasks (e.g., scheduling, execution, approval, review, etc.) |
| System Admin | Administrative users who have unrestricted access to organization configuration settings and can troubleshoot system issues |
| Tandem External | Invited users outside of the organization who have limited Tandem access only |
| Tandem Internal | Internal users who have limited Tandem access only |
CMN-specific Roles
| Role | Description |
|---|---|
| Enterprise Management | Users within the Core Team who control master data. |
| External Sponsor | Read-only user that can view completed procedure and batch runs with the associated Customer Value. |
Effective Permissions
The Effective Permissions table provides insight into all possible permissions options a user can have after one or more roles are applied to the group.
Users can view the Effective Permissions table via settings Platform > User Groups > Select or add the relevant group > Group Permissions. This table also displays when managing user groups on behalf of a specific user (settings Platform > User Groups > Select or add the relevant user > User Permissions).
NOTES:
- The set of permissions (i.e., ability to Create, Read, Update, Delete, Assign) for anything designated with the Web utility indicates whether a user has access to specific page(s) within one of the system menus or submenus. In the following cases, users involved in procedure or batch execution may have read access to information during relevant parts of execution, but do not have read access to the specific system menu or submenu within the Tempo web application:
- Devices
- User groups
- Users
- Events
- Materials
- Equipment
- Classes / subclasses
- Integrations / status
- The Effective Permissions table provides insight regarding master and operational data for locations, equipment instances, and material definitions. To learn more about the distinction between master and operational data, review the list below:
- Locations Master Data:
- Manage Locations - Create, Edit, Delete Sites, Buildings, Areas, and Units.
- Locations Operational:
- Operational changes to Location Units, such as updating status stages.
- Equipment Instances Master Data:
- Manage Equipment Instances - Create, Edit, Delete them. Excludes operational actions such as updating status stages.
- Equipment Instances Operational:
- Operational changes to Equipment Instances, such as updating status stages, setting custom property values.
- Material Definitions Master Data:
- Manage Material Definitions - Create, Edit, Delete them. Excludes operational actions such as updating material lots.
- Material Definitions Operational:
- Manage Material Lots & Inventory - Create, Edit, Deactivate them.
- Locations Master Data:
Procedure, Batch, and Exception Permissions by Role
The set of permissions (i.e., ability to Create, Read, Update, Delete, Assign) for each role pertaining to procedures, batches, and exceptions are outlined below.
Key
✔️ - Indicates the role has the permission to perform the action
❌ - Indicates the role does not have the permission to perform the action
❕ - Indicates the permission to perform this action varies depending on the role and type of assignment
(see the Assignment Based Permissions below)
N/A - Indicates this is an unsupported action
Content Creator | Executive | Operative | Quality | Site Admin - Integration | Supervisory | System Admin | Enterprise Management
Content Creator
| Area | Create | Read | Update | Delete | Assign |
|---|---|---|---|---|---|
| Procedure Templates | ✔️ | ❕ | ❕ | ✔️(archive) | ✔️ |
| Batch Templates | ✔️ | ❕ | ❕ | ✔️(archive) | ✔️ |
| Batch Parameter Groups | ✔️ | ❕ | ❕ | N/A | ✔️ |
| Procedure Runs | ❌ | ❕ | ❕ | N/A | ❌ |
| Batch Runs | ❌ | ❕ | ❕ | N/A | ❌ |
| Exceptions | N/A | ❌ | ❌ | N/A | N/A |
Executive
| Area | Create | Read | Update | Delete | Assign |
|---|---|---|---|---|---|
| Procedure Templates | ❌ | ✔️ | ❕ | ❕ (archive) | ❕ |
| Batch Templates | ❌ | ✔️ | ❕ | ❕ (archive) | ❕ |
| Batch Parameter Groups | ❌ | ✔️ | ❕ | N/A | ❕ |
| Procedure Runs | ❌ | ✔️ | ❌ | N/A | ❌ |
| Batch Runs | ❌ | ✔️ | ❌ | N/A | ❌ |
| Exceptions | N/A | ✔️ | ❌ | N/A | N/A |
Operative
| Area | Create | Read | Update | Delete | Assign |
|---|---|---|---|---|---|
| Procedure Templates | ❌ | ❕ | ❕ | ❕ (archive) | ❕ |
| Batch Templates | ❌ | ❕ | ❕ | ❕ (archive) | ❕ |
| Batch Parameter Groups | ❌ | ❕ | ❕ | N/A | ❕ |
| Procedure Runs | ❌ | ❕ | ❕ | N/A | ❌ |
| Batch Runs | ❌ | ❕ | ❕ | N/A | ❌ |
| Exceptions | N/A | ❌ | ❌ | N/A | N/A |
Quality
| Area | Create | Read | Update | Delete | Assign |
|---|---|---|---|---|---|
| Procedure Templates | ❌ | ❕ | ❕ | ❕ (archive) | ❕ |
| Batch Templates | ❌ | ❕ | ❕ | ❕ (archive) | ❕ |
| Batch Parameter Groups | ❌ | ❕ | ❕ | N/A | ❕ |
| Procedure Runs | ❌ | ✔️ | ✔️ | N/A | ✔️ |
| Batch Runs | ❌ | ✔️ | ✔️ | N/A | ✔️ |
| Exceptions | N/A | ✔️ | ❕ | N/A | N/A |
Site Admin - Integration
| Area | Create | Read | Update | Delete | Assign |
|---|---|---|---|---|---|
| Procedure Templates | ❌ | ❕ | ❕ | ❕ (archive) | ❕ |
| Batch Templates | ❌ | ❕ | ❕ | ❕ (archive) | ❕ |
| Batch Parameter Groups | ❌ | ❕ | ❕ | N/A | ❕ |
| Procedure Runs | ❌ | ❕ | ❕ | N/A | ❌ |
| Batch Runs | ❌ | ❕ | ❕ | N/A | ❌ |
| Exceptions | N/A | ❌ | ❌ | N/A | N/A |
Supervisory
| Area | Create | Read | Update | Delete | Assign |
|---|---|---|---|---|---|
| Procedure Templates | ❌ | ❕ | ❕ | ❕ (archive) | ❕ |
| Batch Templates | ❌ | ❕ | ❕ | ❕ (archive) | ❕ |
| Batch Parameter Groups | ❌ | ❕ | ❕ | N/A | ❕ |
| Procedure Runs | ✔️ | ✔️ | ✔️ | N/A | ✔️ |
| Batch Runs | ✔️ | ✔️ | ✔️ | N/A | ✔️ |
| Exceptions | N/A | ✔️ | ❕ | N/A | N/A |
System Admin
| Area | Create | Read | Update | Delete | Assign |
|---|---|---|---|---|---|
| Procedure Templates | ✔️ | ✔️ | ✔️ | ✔️ (archive) | ✔️ |
| Batch Templates | ✔️ | ✔️ | ✔️ | ✔️(archive) | ✔️ |
| Batch Parameter Groups | ✔️ | ✔️ | ✔️ | N/A | ✔️ |
| Procedure Runs | ✔️ | ✔️ | ✔️ | N/A | ✔️ |
| Batch Runs | ✔️ | ✔️ | ✔️ | N/A | ✔️ |
| Exceptions | N/A | ✔️ | ❕ | N/A | N/A |
Enterprise Management
| Area | Create | Read | Update | Delete | Assign |
|---|---|---|---|---|---|
| Procedure Templates | ✔️ | ✔️ | ✔️ | ✔️ (archive) | ❌ |
| Batch Templates | ✔️ | ✔️ | ✔️ | ✔️(archive) | ❌ |
| Batch Parameter Groups | ✔️ | ✔️ | ✔️ | N/A | ❌ |
| Procedure Runs | ❌ | ❌ | ❌ | N/A | ❌ |
| Batch Runs | ❌ | ❌ | ❌ | N/A | ❌ |
| Exceptions | N/A | ❌ | ❌ | N/A | N/A |
Assignment Based Permissions
Procedure Templates, Batch Templates, Batch Parameter Groups
Users with ownership or assigned as authors to batch templates, batch parameter groups, or procedure templates will have the following permissions:
- Read, update, and delete (archive) batch/procedure templates, regardless of their role or user groups.
- Read and update batch parameter groups. Deleting (archiving) batch parameter groups is not supported.
- Assign batch/procedure templates and batch parameter groups to other individuals for authoring.
- Assign individuals to execute respective batch and procedure runs.
Procedure Runs, Batch Runs
- Users assigned to a batch or procedure run can execute the batch or procedure run on iOS, regardless of their role or user group.
- Users belonging to the Content Creator or Operative groups and are assigned to a batch or procedure run
- Can read and update the run on web.
- Cannot release a batch run unless they are also part of the Quality group.
Exceptions
In order to approve Exceptions, in addition to having the requisite update permissions, the specific user should also be on the “Exception Approval Users” list.
Next steps
Review the articles below to learn more about the following topics: