How to give Users Access on Screens & Computers
OEE Coach contains a multitude of screens and functions. For a ‘regular user’ typically too much functionality is present.
In order to ‘customize’ what a user can see, access and modify, (and so to prevent an overload of information and functions,) OEE Coach can be configured.
This functionality is specifically not intended to be a security measure, although it could be seen as such.
Who can do- and see what and where
To be able to gain control over who can do- and see what and where, in OEE Coach it is possible to define this on cross-sections of users, roles and computers.
Per user can be defined what is his ‘role’. In a ‘role’ a set of rights is being defined. Per used computer, it is possible to define which machines, shifts and teams will be visible on that computer, in order to prevent ‘data overload’ to the user. The user may choose to switch this filter off, in order to see all data if needed. However, unless he has the right assigned to modify all OEE data, he will not be able to edit other data than those assigned to this (his) machine.
Views and Rights
Typically, a computer is installed at or nearby a machine or group of machines. This computer may have some PC specific settings needed.
One or more users can log-in to this computer and may require specific settings per user. Depending on the situation, the OEE Coach allows to configure different behavior.
There are 2 different settings that will influence what you will see on your screen.
- Views per Computer (What you will see when you are on THIS computer)
- The Rights you have as a user: your ‘Role’ will determines what you can access, modify etc.
Why different rights and views?
Different users will have different roles. Operators, team-leaders, operations managers, TPM coordinators; they all have different needs.
Does an operations manager needs to be able to change machine definitions? Or is it ok if he can see the settings? Should an operator be able to edit machines he never works at? To prevent OEE Coach users to make mistakes, or even abuse the system by changing definitions and configurations, it is possible to hide or prevent changing of sensitive areas to users.
OEE Coach assumes users to be responsible for their machines, factories and registrations. Limiting views and access to certain parts or data in the software, is not a matter of ‘locking’ data away. These features merely aim to prevent mistakes or improve usability, rather than to be ‘security measures’, although it may serve for that purpose.
Therefore, all data, except financial data, can be read by all users. Only financial data could be hidden, since it might contain critical information that should not be visible to just anybody.
Policy ‘what is visible’
For analyses, by default, all data in the OEE Coach is completely ‘Open’. So, on every computer, all machines, shifts and teams will be visible and all users will have full access.
To prevent ‘data overflow’ of users on a computer, redundant data can be hidden to any user working on this computer.
To add OEE Shift-data you have to configure PC-rights first since by default, no data will have been assigned to your specific computer.
Policy ‘Who modifies Definitions’ (master data)
The effectiveness of the OEE registration depends heavily on the way the parameters (‘master data’) are defined and configured. It is therefore not wise to allow each user to change freely parts of the definitions.
OEE Coach assumes there will be a standard to be followed in the different machine (master data) definitions. A user designated to keep all settings and definitions uniform and within the standard (the “OEE Master”), should be allowed to change settings if required, according to the needs of the users and within the standard. All users are allowed to read the definitions.
Settings per User: Roles
OEE Coach allows defining ‘Users’ and ‘Roles’. A user is some-one who is being identified when login into the system. A role defines what a user -in a certain role- is allowed to modify or read.
Per role, it is possible to assign one or more permissions. Define roles first; you will need them to be assigned to a user when defining users.
How does it work?
OEE Coach works with ‘roles’. Per role is defined what a user in this role may do or see. There are some default roles that might be sufficient for your application.
You can modify those roles or add new roles.
The advantage of working with roles is: you need to define the role ‘Operator’ only once, and may assign all users working as operators this role in just one click.
After you defined the roles, you need to define the users. A user is a person (or a team if you like) that works with the OEE Coach. When he logs in to the system, the system will know what his role is, and on which computer he is working. Based on this information, the user will see what he needs to see, to do his job on this Computer, and will be able to modify the data that he is responsible for. To prevent data loss due to mistakes, he cannot modify data that belongs to other users, unless this is specifically granted through his role-permission.
How to define ‘roles’
- Click on the SYSTEM icon in the left main menu bar.
- Select User Rights
- The Tab allows to switch between Roles – Users and Computers
- In the left-pane find the (pre)defined ‘roles’
- In the right-pane the credentials of the selected role
- Press [+] to add a new role or [Copy] to copy the current role.
- In the right-pane:
- add the name for this role
- select a permission
- add the permission to the assigned permissions in this role
- complete the permissions list by adding more permissions
The following permissions can be assigned:
- [Can modify All OEE data]. This allows the user to modify ALL OEE registrations, regardless its owners. This means, the user can modify OEE data on any computer, regardless which machines are assigned to the computer.
- [Can modify All Master data]. This allows the user to modify ALL master data, regardless its owners. This means, the user can modify ALL master data on any computer, regardless which machines are assigned to that computer.
- [Can modify Visibility of Machines]. ]. This allows the user to modify computer names and assign machines, shifts and teams to a certain computer.
- [Can modify own OEE data]. This allows the user to modify OEE data of machines that are assigned to the computer the user is working on.
- [Can MODIFY Financial Data]. This allows the user to modify financial data.
- [Can Modify Master Data of assigned machines] This allows the user to modify master data of machine, MAP and machine-sensors that are assigned to the computer the user is working on. He cannot modify any other master-data like shifts, activities, products etc. since those are ‘general’ master data.
- [Can MODIFY User Preferences]. This allows the user to make modifications in the preferences screen.
- [Can modify System Preferences]
- [Can MODIFY User Data]. This allows the user to modify users and roles, and assign roles to users.
- [Can READ financial data]. Whenever financial data are used, the user will be able to see them. Financial data are the only data that can be hidden for certain users.
- [Full Access] This allows the user to modify ALL OEE registrations, ALL master date and ALL settings: He gets full access to the system. This is a typical Administrators right.
- [Can lock shifts] Allows user (e.g. supervisor) to (un)lock shifts after verification.
- [Can do Batch Updates] Allows user access to the Batch Update functionality
- [Can Modify ReportMailer Rights] Allows user to change settings for report Mailer
After installing OEE Coach, the following default roles will be predefined:
|Power users||[Can modify ALL OEE data] [Can modify ALL Master data] [Can MODIFY financial data] [Can modify user preferences]|
|Managers||[Can modify OWN OEE data] [Can modify Master data] [Can MODIFY user preferences] [Can MODIFY user data] [Full Access]|
|Operators||[Can modify OWN OEE data]|
To enter the system for the first time, use user [Admin] and leave password empty. The system will now ask you to enter a new password. Enter your new password and go to the system-settings and define your users, rights etc.
More general settings that control the behavior can be found in the System menu:
- See: II 11.1 System Preferences: General settings for the software
- See: II 11.2 User Preferences: General settings per logged-in user, valid where the user has logged in.