Roles and Permissions

Nimbus uses a roles and permissions system that allows Luware partners to distribute administrative permissions further. This level of delegation is possible down to a (single) service administrator level. By combining these roles with our Organization Unit concept a very detailed access on data entities and UI view permissions can be configured.

Role	Login to Admin UI	Access to Service Live Reporting Data	Access to Service Historical Reporting Data	Description
Partner Administrator				Access to: Tenant Administration, Services and User Administration. Manages Resources to be available to all services under the respective tenant(s).
Tenant Administrator				Access to: Services and User Administration. Manages Resources to be available to all services under the respective tenant.
Service Administrator				"Team Owners" - synced from the respective Microsoft Teams channel - are also acting as Service Administrator for the respective Nimbus service. Access to respective Service Settings and Configuration items of their respective service(s). Resource items can be assigned on service level or are provided by an Administrator via tenant level Organization Unit assignment. Access to install Power BI to evaluate Historical Reporting Data directly from the database. Can adjust their User Settings (e.g. to configure language, permissions).
User				"Team Members" - synced from the respective Microsoft Teams channel - are Nimbus users acting as part of a service team. Users have no access to the Admin panel. Can access live Reporting in viewer role. Can adjust their User Settings (e.g. to configure language, permissions) Focus mainly on the Usage of Nimbus .

Users access control concept

To better understand the user access control of Nimbus we need to explain a few related concepts:

Each configurable element in Nimbus is called a data entity. Most entities are assigned to one Organization Unit (OU).
Users are also considered entities and thus assigned to one OU. Their roles are defined by the access permissions granted within that OU.
The final access concept combines combines OU and Role, answering the following questions:
- OU = Where does a user have access / what can be seen by that user?
- Role = What can the user do on visible entities (create | read | update | delete)?

Conclusion: Depending on OU and role assignment Nimbus users can see and do different things within their respective service teams.