How to Manage Roles, Service Access and Permissions in PlantSight


 

 

 

 

 

 

 

Applies To 

 

 

 

 

 

 

 

Product(s):

PlantSight

 

 

Version(s):

2.0

 

 

Environment: 

Windows 11 (64 bit)

 

 

Area: 

-

 

 

Subarea: 

Roles, Service Access and Permission

 

 

Original Author:

Rahul Kumar, Bentley Global Technical Support Group

 

 

 

 

 

  

 

Background

The document is intended to explain to the reader the basic information about various service access and permissions defined and used within PlantSight. It also provides an overview of the access and permissions to be defined for the Administrator and non-Administrator (Team Member) role. This section will contain information on creating roles and users as well as understanding services and setting permissions in a PlantSight facility/project.

 

Roles and Permissions within PlantSight

Within PlantSight there are several default roles. Each role can have specific permissions and each user can be assigned to a role. In this section we will address roles, permissions, and user assignments.

 

PlantSight Administration Permissions

Users requiring access to the Administration settings in PlantSight, must have the role of CONNECT Services Admin set in the usermanagement.bentley.com for your organization. The person within your organization with permissions to manage Bentley Users, is required to perform the role change. The role assigned to the user is CONNECT Services Admin.

 

Role-Based Access Control

The underlying permissions for PlantSight have been configured at an upper level by Bentley. These permissions are referred to as RBAC (Role-Based Access Control) permissions. PlantSight uses a default RBAC page from Bentley CONNECT. This means that all RBAC permissions are present in the Services and Permissions content panel. In this document we will address the services and permissions specific to PlantSight.

 

Overview of the Project Role Management Page

The Project Role Management page has several areas that need review. using 'Configuration Setting' Open 'Manage your Team' option

Select User and use '+Add" for adding user details in a project



Add user- set 'welcome Message' - Opt for assigning user as Owner and add roles by selection options available 



It will display below page where one can add 'User' and assign 'Roles

 

Starting in the menu on the Right-hand side of the page:

Enterprise Roles: These are Bentley supplied enterprise roles and cannot be edited or deleted.

Project Roles: These are project specific roles. These can be edited and deleted as well as all newly created roles are stored as Project Roles.

Note: The Enterprise roles should be used as a template for creating project specific roles, it is not recommended to use these roles directly for your project. The enterprise roles are subject to change over time.


After saving Project roles, it will be shown as below


On Selection of any Role - 'Edit' would aid admin to customize role based on Project role setting given to user


 

There are Two types of roles described

General Permissions: Listing of permissions related to administration of projects, users, and roles. These permissions, allow for additional administration rights. This section includes additional settings under Project Activities, Administration, and ProjectWise Work Rules Service

Continuing in the Content panel on the right-hand side of the page.

Service Access and Permissions: This section contains a listing of permissions related to granting access to services within the project. by hover over icon, user should understand the types of permissions. Under every permission like View/Read/Write/Manage/Delete are easy to understand and self-explanatory. 

Manage Roles

  1. In the Manage your Team Content panel, click on Manage Roles.

  1. From the Assign Roles user may add all the new members 
  2. In the Create Role dialog, select a Existing role (this is optional but is highly recommended), assign a new name under Role Name, and enter a Role Description if desired.



  1. Click Create and Save. 

 

Reviewing General Permissions for the New Role - BIM.

Based on the example above, where a Team Member role was used as a Existing Role, User need to review the General Permissions for their new role. Keep in mind – governing the General Permissions Services and permissions is controlled at the enterprise level and a user must have access to the Administration tool to have any access control here. Search with Keyword 'BIM' and click on Edit to review various permissions and controls


Looking at the General Permissions, one group at a time, we see the following.



save changes and new role will be visible for username
 

Creating Users and Assigning to Roles

Once you have constructed your project roles, you need to create the users for the new project and assign the users to the various roles. Remember that Roles are stored in Template projects and do not need to be recreated for each project. Users, however, must be created anew for each project, unless the project is created from an organization template, then users will also be copied to the new project.

 Creating a New User by Name and by Email

Creating a user manually can be done from a username in your domain, or from an external source using an email address.

  1. Log into the PlantSight project as an administrator.
  2. In the Manage Your Team page, click on + Add User(s) button in the content panel.

Adding the user by name.

    1. Start typing in the domain members name, the list is dynamic and as soon as the list filters and you can select the desired user, pick on the user's name.
    2. User may add Welcome Message for new joiners
    3. You can assign the Role if desired,
    4. Click the plus sign next to the name.
    5. At this point you can repeat steps a, b, and c, to continue to add additional users.


    6. After you have added the desired users, add a Project invite message if desired.
    7. Click Add User(s).

Bulk Actions

Creating bulk list by importing list via xls. 

  1. On the PlantSight 'Configuration Settings > Manager your team - Bulk Actions facilitates user to import the list in bulk. Which helps user to reduce time on entering each data. 

  1. Under the Bulk actions > Download users (.csv) - enter credentials and type of role and import the list 



  2. Once it uploads, the list appears on user page

 

 

Modifying a User Role

If you need to change a user's role in the project, you need to select the user and then modify the role.

  1. From the Manage Project Team Members page, select the user by clicking in the check box next to the username.
  2. In the content panel, click on Modify Role(s).



  3. Change the role as needed. Note – a user can have more than one role.
    A screenshot of a computerDescription automatically generated

  4. Once you have made the role change, click Modify Role(s).

PlantSight 'Documents' Feature

In PlantSight , RBAC permission of Documents required to access by an Organization and its admin and non-admin participants. Below option to access. 

Note - Documents Feature is not enabled for all in general. User need to contact PlantSight Support team to get this feature enabled to utilize it effectively.

  1. Check on the permission enable 'Show Document' option by navigating 'Configure' -> 'Manage your team ' option like show in image below.



  2. Once the option enable it will be visible in left pane of PlantSight Page option shown in below image. 



  3. For accessing Configure Folder access for a non-admin user.
         (Show Documents, Configure Folder access under Documents tab, and Access Team Member and Role management under the Administration tab should be enabled)
         Note - Enable following Permissions 'Show Document', 'Access team Member and Role Management'  & 'Configure folder Access' by navigating 'Configure' -> 'Manage your team ' option. See Image below





    Note: In Below image, 'Set Folder Access' can been once the above permission gets enabled



    Note : User may use various options like 'Force all child Folder to inherit' the same setting by checking it on for same setting Roles and Permissions.



  4. For accessing the Documents settings widget under 'Configure' for a non-admin user
        (Show Documents, Configure Connections and settings under Documents tab, Manage Settings under Product Settings Service, and Modify PS Federated Connections under PS Federated Connections  tab should be enabled)


    Note: Using above permission enabled, user can access 'Document Settings' tile under 'Configure'



    Note: User can see 'Document Settings' page under 'Manage' option.


 

 Comments or Corrections?

Bentley's Global Technical Support group requests that you please confine any comments you have on this Wiki entry to Forum section? section. THANK YOU!