Nimbus uses a roles and permissions system that allows Luware partners to distribute administrative permissions further. This level of delegation is possible down to a (single) service administrator level. By combining these roles with our Organization Unit concept a very detailed access on data entities and UI view permissions can be configured.

RoleLogin to
Admin UI
Access to Service
Live Reporting Data
Access to Service
Historical Reporting Data
Description
Partner Administrator(plus) (minus)(minus)

Tenant Administrator(plus) (minus)(minus)
Service Administrator (minus)(plus) (plus)

"Team Owners" - synced from the respective Microsoft Teams channel - are also acting as Service Administrator for the respective Nimbus service. 

  • Access to respective Service Settings and Configuration items of their respective service(s).
    (lightbulb) Resource items can be assigned on service level or are provided by an Administrator via tenant level Organization Unit assignment.
  • Access to install Power BI to evaluate Historical Reporting Data directly from the database.
  • Can adjust their User Settings (e.g. to configure language, permissions).
User(minus)(plus)

(minus)

"Team Members" - synced from the respective Microsoft Teams channel - are Nimbus users acting as part of a service team.

  • Users have no access to the Admin panel.
  • Can access live Reporting in viewer role.
  • Can adjust their User Settings (e.g. to configure language, permissions)
  • Focus mainly on the Usage of Nimbus .

Users access control concept

To better understand the user access control of Nimbus we need to explain a few related concepts:

  • Each configurable element in Nimbus is called a data entity. Most entities are assigned to one Organization Unit (OU).
  • Users are also considered entities and thus assigned to one OU. Their roles are defined by the access permissions granted within that OU.
  • The final access concept combines combines OU and Role, answering the following questions:
    • OU = Where does a user have access / what can be seen by that user?
    • Role = What can the user do on visible entities (create | read | update | delete)?

(lightbulb) Conclusion: Depending on OU and role assignment Nimbus users can see and do different things within their respective service teams.