User Role Settings¶
Purpose¶
Use User Role Settings to define roles and permissions for your organization.
Each user is typically assigned exactly one role. The role determines which app areas they can access and which actions they can perform.
Steps (create a role)¶
- Open Settings > User Role Settings.
- Select Add / Add +.
- Enter a unique role name.
- Enable the permissions required for this role.
- Select Save.
Steps (edit a role)¶
- Open Settings > User Role Settings.
- Select a role from the list.
- Adjust permission toggles.
- Select Save.
Steps (delete a role)¶
- Open Settings > User Role Settings.
- Open the role detail view.
- Select Delete (trash icon).
- Reassign affected users to another role.
What users see¶

- A role list with predefined and custom roles (for example: Admin, Viewer).
- Permission groups that can be expanded.
- Toggle switches for individual permissions.
Common permission groups¶
Permissions are typically grouped by app area. Common groups include:
- User management (create/edit/delete users)
- Role management (create/edit/delete roles)
- Alarm settings (create/edit/delete alarm configurations)
- Dashboard settings (create/edit/delete dashboards, ignore/restore messages)
- Instructions (create/edit/delete, backups, comments)
- Machine settings (create/edit/delete machines, status/scrap/message configuration)
- AI prediction settings (observation period)
- SSL certificate settings (download certificate)
- General app settings (default language)
- OPC UA connections (manage connections)
- Export machine data (allow exports)
Best practices¶
- Create roles per job function (operator, supervisor, maintenance, admin) instead of per person.
- Grant the minimum permissions required.
- Restrict technical settings (OPC UA, certificates) to trained personnel.
Troubleshooting¶
- Role changes do not take effect -> User session not refreshed -> Sign out and sign in again -> Ask an admin to confirm the assigned role
- You cannot delete a role -> Users still assigned or permissions restricted -> Reassign users first -> Escalate to an admin if needed