Skip to main content
Version: Next

Role Onboarding and Permission Model

This page defines a practical permission model for operator, engineer, and administrator onboarding.

  1. Operator:
    • Can view and execute runtime tasks.
    • Can create operational records.
    • Cannot modify global configuration baselines.
  2. Process Engineer:
    • Can create and edit process configurations.
    • Can run analysis and fitting workflows.
    • Cannot manage user accounts or system-level settings.
  3. Administrator:
    • Can manage accounts, roles, and environment settings.
    • Can manage backups, restore, and release operations.

Onboarding Procedure

  1. Create account and assign base role.
  2. Force password update on first login.
  3. Verify module access using a checklist scenario.
  4. Confirm data scope and organization scope constraints.

Change Control

  1. All role changes must have approver and timestamp.
  2. Temporary privilege elevation must include automatic expiry.
  3. Keep monthly access review records.

Common Misconfigurations

  1. User can open module but cannot save: missing object-level write permission.
  2. User sees empty data lists: scope filter or organization mapping issue.
  3. User sees too much data: role inherits unintended broad query permission.
  1. Remote and Local Database
  2. User
  3. Permissions and Data