Authorization

As an owner of a Bosch Semantic Stack tenant you can enable users and technical clients with read and write permission on service level.

Access is granted via various roles which allow them to manage the entities of the services respectively.

The assignment of roles to the users and technical clients happens in the Access Management UI.

This is a separate user interface, which you can access for your tenant at:

https://portal.bosch-nexeed.com?tenant=<your-tenant-id>

The different roles are described in detail in following sections per service.

Digital Twin Registry roles

Roles needed for the Digital Twin Registry:

Viewer: Read permission for all resources
Twin Manager: Write permission for twins
Aspect Operator: Read and write permission for aspects
AAS Viewer: Read permission for AAS resources, see Catena-X and Asset Administration Shell
AAS Manager: Write permission for AAS resources, see Catena-X and Asset Administration Shell
Message Operator: Reading of message client credentials

The module name displayed in the Access Management UI is Digital Twin System.

Roles needed for the Aspect Model Catalog:

The module name displayed in the Access Management UI is Digital Twin System Catalog.

Role needed for adjusting the footer:

Shared Settings Manager: Read and write permission for shared settings (e.g. footers)

The module name displayed in the 'Access Management' UI is Digital Twin System Shared Settings.

Roles needed for the Access Management:

Web Portal User: Access to Nexeed Web Portal
Web Portal Admin: Configure Nexeed Web Portal for the own tenant, e.g. footer or privacy configuration
User Reader: Read users, groups, and modules.
Module Manager: Manage modules including registration and removal.
Access Manager: Manage users, roles and groups as well as their respective privileges and relations.