Authorization
As an owner of a Bosch Semantic Stack tenant, you can grant users and technical clients read and write permissions at service level.
Access is granted via roles, each of which allows its holder to manage the entities of the respective service.
Roles are assigned to users and technical clients in the Access Management UI.
This is a separate user interface, which you can access for your tenant at:
https://portal.bosch-nexeed.com?tenant=<your-tenant-id>
The roles are described in detail, per service, in the following sections.
Digital Twin Registry roles
Roles needed for the Digital Twin Registry:
- Viewer: Read permission for aspects & twins
- Twin Manager: Write permission for twins
- Aspect Operator: Write permission for aspects, read & write permission for templates
- AAS Viewer: Read permission for AAS resources, see Catena-X and Asset Administration Shell
- AAS Manager: Write permission for AAS resources, see Catena-X and Asset Administration Shell
- Message Operator: Reading of message client credentials
The module name displayed in the Access Management UI is Digital Twin System.
Aspect Model Catalog roles
Roles needed for the Aspect Model Catalog:
- Viewer: Read permission for models
- Model Editor: Write permission for models
- Model Manager: Release permission for namespaces
The module name displayed in the Access Management UI is Digital Twin System Catalog.
Shared Settings roles
Role needed for adjusting the footer:
- Shared Settings Manager: Read and write permission for shared settings (e.g. footers)
The module name displayed in the Access Management UI is Digital Twin System Shared Settings.
Access Management roles
Roles needed for the Access Management:
- Web Portal User: Access to Nexeed Web Portal
- Web Portal Admin: Configure Nexeed Web Portal for your own tenant, e.g. footer or privacy configuration
- User Reader: Read users, groups, and modules
- Module Manager: Manage modules including registration and removal
- Access Manager: Manage users, roles and groups as well as their respective privileges and relations