Cumulocity IoT Feedback Portal
We plan to use Inventory Roles to restrict access to data from devices installed at different customers. We do not want Customer A to be able to access data about Edwards' assets at Customer B, and vice-versa. Sometimes we also need to apply the same restrictions to our own employees, if they work exclusively with a single customer.
Right now, Inventory Roles are used to link device groups to individual users. We would like to be able to form groups of users, and assign Inventory Roles to the whole group, and by so doing, give those inventory roles to every user in the group.
This would make Inventory roles simpler to manage for a given group of devices: we would have one user group for a particular device group, assign the inventory roles to the group, and then move users in and out of the group.
When viewing the group, it would be important to be able to see:
The group members (which could individual users, or another group, or both)
The Inventory roles assigned by device group (much as you can see for a User today)
Hi Neil,
thanks a lot for your great feedback (as always!). In case you have not yet discovered: We do have a feature that allows you to copy inventory roles from one user and applies it to another user. You can find that in the Administration Application when you click in the Users view on the three dots for one user and then "Copy Inventory Roles from User".
Going forward, we do want to move into the direction of relying more and more on our SSO integration feature and external IAM systems as we see this as the preference from many customers. One feature that we are planing is to allow to allow to map permissions from the external IAM system to Inventory roles (Today only global roles are supported).
I hope that makes sense?!
Cheers, Nikolaus