Roles & Permissions
Consystence uses a layered access control model: organisation roles set the baseline, process/application groups provide fine-grained control, and platform admin overrides everything.
Organisation roles
Every org member has exactly one built-in role. Roles are hierarchical — each role includes all permissions of the roles below it.
| Role | Users & Orgs | Sites | Processes | Device Types | Alarms & Commands |
|---|---|---|---|---|---|
| Owner | Full control, billing, delete org, transfer ownership | Full control | Full control | Full control | Full control |
| Admin | Manage members, assign roles, manage integrator access | Create, configure, delete | Create, configure, delete | Publish, unpublish | Full control |
| Engineer | View members | Configure | Create, configure, deploy templates | Create, edit, version | Configure alarms, define commands |
| Operator | — | View | Interact: acknowledge alarms, send commands | View | Acknowledge alarms, send commands |
| Viewer | — | View | View dashboards, trends, alarm history | View | View only |
Tip
Most site operators should have the Operator role. Reserve Engineer for people who configure processes and author device types.
Process-level access groups
Organisation roles set a ceiling, but processes can further restrict access. Each process defines access groups with specific capabilities:
```text
Process: Coal Handling Plant
├── Plant Operators → can send commands, ack alarms
├── Maintenance Crew → can view trends, ack alarms
└── Control Room → full process control
```
Template default groups
When an integrator authors a process template, they define default groups with role levels. These groups describe the access model the process expects.
When the template is deployed to a site, the site admin maps each default group to real users or org roles:
| Template Default Group | Mapped To |
|---|---|
| Plant Operator | Users: J. Smith, A. Chen |
| Maintenance Engineer | Org role: Engineer |
| Control Room Supervisor | Users: M. Thompson |
This separation means the integrator defines what access is needed, and the site admin decides who gets it.
Integrator access
Integrators (third-party engineers who build and deploy process templates) have no implicit access to an organisation's data or sites.
- An org Admin or Owner explicitly grants an integrator access to specific sites.
- Access is scoped and time-limited — it can be revoked at any time.
- All integrator actions are audit logged with the integrator's identity.
Note
Integrator access is designed for the deployment and support phase. Once a process is handed over, the integrator's access should be revoked.
Platform admin
Platform admin is a special privilege reserved for Consystence staff. It grants unrestricted access to all organisations, sites, and processes across the entire platform.
| Aspect | Detail |
|---|---|
| Who | Accounts with an approved @consystence.com email |
| How | Derived automatically at token issuance — no manual flag |
| Scope | All orgs, all sites, all processes, all admin functions |
| Audit | All platform admin actions are logged separately |
Warning
Platform admin bypasses all role checks and process-level access groups. It should only be used for support, debugging, and platform operations.
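The three layers described on this page, combined into one decision function as an added example (not Consystence's own code). The capability names, the token-claim flag for platform admin, and the rule that a capability must be both within the org role's ceiling and granted by a process group are assumptions; the group members are constructed.

```python
from dataclasses import dataclass, field

ROLES = ["viewer", "operator", "engineer", "admin", "owner"]  # lowest to highest
# Assumed capability names with the lowest org role whose table row permits them.
CEILING = {"view": "viewer", "ack_alarm": "operator",
           "send_command": "operator", "configure": "engineer"}

@dataclass
class Principal:
    name: str
    org_role: str = ""               # "" means not a member of this org
    platform_admin: bool = False     # assumed to arrive as a token claim

@dataclass
class Group:
    capabilities: set
    users: set = field(default_factory=set)
    org_roles: set = field(default_factory=set)  # "Org role: X" mappings

def decide(p, groups, capability):
    """Return (allowed, reason) for one capability on one process."""
    if p.platform_admin:
        return True, "platform admin override"
    floor = CEILING.get(capability)
    if floor is None or p.org_role not in ROLES:
        return False, "unknown capability or not an org member"
    rank = ROLES.index(p.org_role)
    if rank < ROLES.index(floor):
        return False, "above org role ceiling"
    for name, g in groups.items():
        # Assumption: a mapped org role also covers the roles above it.
        member = p.name in g.users or any(rank >= ROLES.index(r) for r in g.org_roles)
        if member and capability in g.capabilities:
            return True, "group: " + name
    return False, "no process group grants it"

# Constructed sample: the Coal Handling Plant groups with made-up members.
COAL_PLANT = {
    "Plant Operators": Group({"send_command", "ack_alarm"}, users={"op1", "viewer1"}),
    "Maintenance Crew": Group({"view", "ack_alarm"}, org_roles={"engineer"}),
    "Control Room": Group(set(CEILING), users={"lead1"}),
}

if __name__ == "__main__":
    for who in (Principal("op1", "operator"), Principal("viewer1", "viewer"),
                Principal("eng1", "engineer"), Principal("staff", platform_admin=True)):
        print(who.name, decide(who, COAL_PLANT, "send_command"))
```

Returning the reason alongside the decision lets each allow or deny be written to the audit log with the layer that produced it, including the platform admin bypass.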