Roles and Users Tab - Metasys - LIT-1201528 - General System Information - Metasys System - 12.0

Security Administrator System Technical Bulletin

Product
Building Automation Systems > Building Automation Systems > Metasys System
Document type
Technical Bulletin
Document number
LIT-1201528
Version
12.0
Revision date
2022-08-05

The Roles and Users tab appears in the left pane of the Security Administrator system screen. See Figure 10.

When you select a user or role on the Roles and Users tab, the category-based permissions appear in the right pane. To provide more capabilities to the user or role, see Assigning Category-Based Permissions to a User or Role and System Access Privileges.

Consider the following when creating user accounts and assigning roles:

  • The users must have one or more roles in the system. The default role for a new user is USER. The USER role is granted read-only access (View Action set) to the General category.
  • You cannot delete or rename the predefined set of users. However, you can add or remove the predefined users, except the MetasysSysAgent, to or from roles and copy the users. You can view the Access Permissions and Properties of the predefined users but you cannot edit them.
  • You cannot delete or rename the predefined set of roles; however, Standard administrators can add or remove users, except the MetasysSysAgent, to or from the roles and copy the roles. You can view the Access Permissions on the predefined roles but you cannot edit them.
  • You cannot delete the ADMINISTRATOR role. You cannot delete or remove the MetasysSysAgent administrator account from the system.
  • You can copy and then modify the OPERATOR, ADMINISTRATOR, USER, and MAINTENANCE roles. When you copy these roles, the permissions for those roles are copied as well.

Figure 10 shows a summarized view of a user’s permissions, indicating the permissions provided by roles and the permissions directly assigned to the user. The two-headed icon indicates the permission is from the role level. The green check mark indicates that the permissions are from the user level. Figure 1 shows the relationship between role and user for the user shown in Figure 10.

Figure 1. Access permissions (Active directory not enabled)