Station architecture for Sedona user management uses a “tiered” approach, where:
The “top tier” is in the station’s Services container, where a SedonaUserManagementService (Sedona User Manager) provides child “UserService” and “RoleService” components.
As shown above, each of these two child services has a default manager view.
In the User Service’s manager view, you create/manage users (name and password).
The Role Service’s manager view lets you create/manage roles (permissions and provisioning rights).
Users and roles can apply to all Sedona networks in the station. By themselves, components in this tier do not do much, at least until they are mapped to networked devices in the next tier.
Any Sedona network in the station (SedonaNetwork, SedonaJen6lpNetwork) now has a Sedona Device User Manager view.
In this view, all networked child Sedona devices appear. For any device, you can map (add or delete) users and roles defined in the station’s service, where each user is assigned to a role. This allows the same user to have different roles (and therefore permissions) in different devices in the network.
This network view also provides a “Change Super User” function, which globally modifies the super user account that Niagara uses to communicate with all Sedona devices in the network (the account referenced in the “Credentials” property of each SedonaDevice or SedonaJen6lpDevice). This user account is not seen in the station in any Niagara manager view, but is “owned” by Niagara and used for almost all communications in a Niagara integration. This function can be handy if many devices were installed with factory-default super user credentials, as changing them helps prevent unauthorized access.
Copyright © 2000-2014 Tridium Inc. All rights reserved.