New functionalities & improvements
New: Roles have been added to the application. They were previously known as “User Groups”.
- A role is a global set of permissions for a user. With this function you can assign, change or remove roles from users. You can also assign inventory roles to specific users and associated hierarchy. Cumulocity distinguishes two types of roles for users:
- “Global Roles”: These enable a user to create, administrate or read respective data in the overall tenant.
- “Inventory Roles”: These define a specific level of access to data in your account, restricted to a group and its child objects/devices.
- Attached to global roles are also application access permissions: These define the applications that users can see and use in the application switcher.
- All roles can be modified. In order to modify a role, simply click on the desired role.
- Roles can also be duplicated. To duplicate a role, hover over the desired role and click on the cogwheel. Then, click on “Duplicate”. To remove a role, click on “Remove”.
Users UI and functions have been improved.
- The listing of users has been improved to follow the new card layout:
- The first panel shows the user profile and global roles.
- The panel “INVENTORY ROLES” shows a list of groups and subgroups in your tenant. You can assign available inventory roles here. Inventory roles are assigned to groups and subgroups of devices. Subgroups inherit inventory roles from their parent group.
- The panel “APPLICATION ACCESS” shows available Cumulocity applications for this user. Choose available applications for users with this list. These applications are visible in the application switcher of this user.
- In order to disable or delete a user, click on the cogwheel next to a user and then, click on the desired action.
New: User hierarchy and user delegation have been added. Your tenant has to be subscribed to the respective feature FEATURE:ADVANCED_RBAC in order to use them.
- “Owner” field: Clicking on this field opens a dropdown menu showing available users to assign ownership of this user. By setting the “Owner” you create a hierarchy of users, where each user can see the hierarchical user tree. As a consequence, users who have an owner can at most have the same global roles as their owner.
- In the screenshot below you can observe the hierarchy tree. Below the “User Name” sometimes you can also see “delegated by” mentioned. This means that a different user has delegated his or her user permissions to this user.
- “Delegated by” field: Here a user “TestUser” can delegate his or her global roles to a user “newuser”. The delegated user “newuser” can then manage users with the same permissions as “TestUser”. You can also delegate on a temporary basis, for example if the user “TestUser” goes on holiday.
Important: If the delegated user also needs to manage specific devices, the admin user must assign these device permissions (inventory roles) directly to the intended user. This can be done by using “Copy inventory roles from another user”.
- Please note that delegation works only inside the user hierarchy management.
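The two rules above (a user with an owner can hold at most the owner's global roles, and delegation does not carry inventory roles) can be checked over an exported user list. The following is an added example, not Cumulocity code: the record layout, field names, role names and sample users are constructed assumptions, not the platform's API schema.

```python
# Constructed sample export; field and role names are assumptions for illustration.
USERS = {
    "admin": {"owner": None, "delegated_by": None,
              "global_roles": {"admins", "readers"},
              "inventory_roles": {"Plant-A": {"Manager"}}},
    "TestUser": {"owner": "admin", "delegated_by": None,
                 "global_roles": {"readers"},
                 "inventory_roles": {"Plant-A": {"Manager"}, "Plant-B": {"Reader"}}},
    "newuser": {"owner": "TestUser", "delegated_by": "TestUser",
                "global_roles": {"readers"},
                "inventory_roles": {"Plant-A": {"Manager"}}},
    "contractor": {"owner": "TestUser", "delegated_by": None,
                   "global_roles": {"readers", "admins"},
                   "inventory_roles": {}},
}


def excess_global_roles(users):
    """Map each owned user to the global roles it holds that its owner lacks."""
    findings = {}
    for name, user in users.items():
        owner = users.get(user["owner"])
        if owner is None:  # top of the hierarchy, or owner missing from export
            continue
        extra = user["global_roles"] - owner["global_roles"]
        if extra:
            findings[name] = extra
    return findings


def missing_inventory_roles(users):
    """Map each delegate to (group, role) pairs the delegator holds but the
    delegate does not; these must be assigned directly if they are needed."""
    findings = {}
    for name, user in users.items():
        source = users.get(user["delegated_by"])
        if source is None:
            continue
        gaps = {(group, role)
                for group, roles in source["inventory_roles"].items()
                for role in roles
                if role not in user["inventory_roles"].get(group, set())}
        if gaps:
            findings[name] = gaps
    return findings


if __name__ == "__main__":
    print("Global roles exceeding owner:", excess_global_roles(USERS))
    print("Inventory roles not covered by delegation:", missing_inventory_roles(USERS))
```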
“Home” and “Welcome” no longer contain the tenant statistics widget by default.
The new “Dashboard” and “Widget” configuration improvements for styling have been added to the “Home Dashboard” as well.
Device Management Improvements
During device registration, a device group can be provided for the device. Once the device is successfully created, it is automatically assigned to the group.
- Access to device credentials is granted when you have “Admin” rights for the device. It no longer requires user permissions.
- Access to identities of a device is granted when you have “Admin” rights for the device. It no longer requires identity permissions.
- Access to bulk operations is granted when you have “Admin” rights for the group and bulk operation permissions. It no longer requires global permissions.
- Tenant admins can no longer edit TFA (two-factor authentication) settings if this has been forbidden by the service provider based on system property settings.
- TFA tokens are invalidated after a user has been inactive for a certain time. [#10691]
- Possibility to grant “support user” rights only to a certain group of tenants has been added.
- If “Access Denied” is encountered in the UI, because of lack of permissions, you have the possibility to see which requests failed.
- First, a message is shown stating that you do not have access to the requested data.
- Then, in order to see which request failed, you can either click on “More” or you can go to the user menu and click on “Access denied requests”.
- Next to the URL paths you can see the number of times a specific URL was requested. If you wish to clear the URL paths, click on the reset button.
- “Nethix WE500” device guide has been added.
- “OPCUA Java gateway” device guide has been added.
- Dashboards documentation in “Cockpit” user guide has been updated.
The numbers after the hash (#) refer to Zendesk numbers.
[Cockpit] Lock dashboard option is no longer missing in “Home Dashboard” and in “Report Dashboard” [#8790]
[Cockpit] In the data point explorer, the starting date can no longer be later than the finish date
[Cockpit] “Datapoint graph” is no longer displaying datapoints which have been already added to the graph [#11461]
[Cockpit] SmartRules “On alarm duration increase severity” are not working
[Cockpit] “Attribute widget” shows data even when all attributes are unchecked in config [#11462]
[Cockpit] SmartRules in “Device details” -> “Info tab” cannot be deactivated
[Cockpit] An error “Invalid format: null” is shown when you try to export
[Cockpit] Children in groups are sorted in reverse order, instead of being sorted normally
[Device Management] Bulk operations are “Pending” instead of “Executing”
[Device Management] An error in the console is shown when you “Request log”
[Device Management] If a bulk operation is cancelled during “In_Progress” state, the operations are still created
[Device Management] Bulk operations can no longer be cancelled in “Executing” state. Cancel operation is allowed only during “Scheduled”, “Active” and “In_progress” states
[Device Management] GPS tracks with another “fixType” defined are not being rendered
[Device Management] Event creation is not included in device availability [#11799]
- If a device sends an event, the device last message is not updated. Also, if the device was “offline” it doesn’t change status to “online”.
[Device Management] An error is shown when opening details of a bulk operation for deleted device groups
- After a device group is deleted, bulk operation details can still be accessed from “Device control”. This causes an error, since the device group was already deleted and it cannot load.
[Administration] When TFA is enabled, the PIN code sent to the user is sometimes invalid
[Administration] When changing groups, an error is shown.
[Administration] An error is shown when you try to remove the last remaining inventory role.
[Device Management] Device status is not changed to “available” when an event is created for that device. [#11799]
[Device Management] Sometimes events can be added to a particular “Managed Object” even when the “Managed Object” no longer exists.
[Device Management] A confusing error message is shown when you try to execute bulk operation for an empty group.
Additional bug fixes:
- When renaming nested groups, duplicate entries are displayed.
- If a group which contains a subgroup is renamed, the subgroup is visually duplicated.
- Ownership of a managed object is not taken into account. [#11392]
- If a user owns a managed object, he should have WRITE/DELETE permissions by default.
- After you log out from an application, an error is shown when you try to log in again with TFA.
- When a user logs in to an application he doesn’t have permission for, the display is sometimes broken.
- The “Data Points Graph” plugin translation is missing.
- An error is shown when uploading binaries from “Image” and “SCADA” widgets. [#11594]
- An error is shown when you delete inventory roles assigned to users and assets.
- Now, inventory roles can no longer be deleted if they have been assigned to users. A warning message is shown instead.