Access Control

Strict access control makes sure, that only experts are allowed to create and edit dashboards, while users can only view and analyse data of selected dashboards.


DaqMon supports multiple levels of Role-Based Access Control (RBAC):

  • System level: every user has a system role which defines what they can do (Admin, Expert, User)

  • Project level: a project is a group of multiple dashboards and you can restrict which users are allowed to see or edit the dashboards in the project

  • Dashboard level: for each dashboard you can override the default access-level from the parent project

User Management

DaqMon allows you to create as many users as you like. Users can log-in using their e-mail and password.

Each user has a system role (User, Expert or Admin).

System Roles

The 3 system roles (Admin, Expert, User) define which system features a user is allowed to access

User

The User has only basic permissions, e.g.

  • log-in/out

  • change their own settings

  • view only specific dashboards

Expert

In addition to the User permissions, an Expert is also allowed to

  • create new dashboards

  • delete dashboards

  • edit dashboards: rearrange/add/edit/delete visual controls, change the assigned permission groups

Admin

The Admin has full access permissions. In addition to the expert, the Admin is also allowed to

  • create new users

  • delete users

  • change the password of any user

  • view and change system settings: e.g. upload API-Keys, e-mail settings, etc.

  • create projects, dashboards, ..

Access Levels

Project Level

Admins can restrict user access per project.
In the example above, the user named Expert is not allowed to access the project (and thus any dashboards that belong to the project),

John Doe is a system Expert, but for this project, we have changed his access level to User, so that he is only allowed to view the dashboards in this project, but can not edit them.

The other 2 users keep their default system role.

Dashboard Level

For each dashboard we can further restrict access.

Note, that the user Expert, does not even show up in the user list of the dashboard, because we have already denied access for this user on the project level.

Frank and John Doe have User access on the project level, but we deny them access to this dashboard: i.e. they can view other dashboards in this project, but they will not see this one.