Access Management

Access management in Beacon Tower controls who can access the platform and what they can do within it. Users are individual accounts for logging in, while groups organize users into collections for easier permission and notification management.

• Definitions
• Concept
• Best Practices
• Workflows

Definitions

Term	Definition
User	An individual person's account used to log into Beacon Tower with profile information, credentials, and settings.
Group	A collection of users organized for easier management of permissions and notifications.
Resource	An item in Beacon Tower you can view or edit and have access to, such as an asset, dashboard, tree, or document.
Privilege	A permission that determines what actions an organization or a user can perform.
Organization Membership	The association between a user and an organization, granting access to that organization's resources.

Concept

Privileges and Access

In Beacon Tower, privileges determine what you are allowed to do, and this applies to both organizations and users. An organization with the Dashboard Management privilege is allowed to create its own dashboards, but it also requires a user that has the Dashboard Management privilege to do so. This also means that if an organization does not have Dashboard Management privileges, a user within that organization cannot be a dashboard manager. The organization privilege is the primary privilege.

Access means what resources you have access to. In Beacon Tower, most resource access is provided through organizations. An organization is granted access to a resource (either view, manage, or own), and any users within that organization then have access to it. This means that for most resources you cannot provide specific resource access. If you want a group of users to have more access to resources than another group, they need their own organization.

Access levels are viewer, manager, and owner. Viewers cannot edit resources (but they can set writable properties on assets). Managers can edit resources, and owners can delete them.

Groups

Groups are simply a collection of users. Access can be provided to groups the same way it is provided to users. For example, groups can be useful if a specific set of users should have access to all organizations. Then access can be given to one group instead of individual users.

Best Practices

Users

• Use meaningful display names that help identify users across the organization
• Use corporate email addresses for organization accounts to maintain professional standards
• Set appropriate regional preferences (language and units) based on the user's location
• Grant developer access sparingly - only to users who need advanced features
• Review user memberships regularly to ensure access levels remain appropriate
• Remove inactive users to maintain security and keep the user list manageable

Workflows

User Workflows

Creating a New User

1. Navigate to Administration > Identity & Access > Users
2. Click the Add button (+ icon)
3. Fill in the required fields:
   • Display Name: Enter a recognizable name for the user
   • Email: Enter a valid email address (this will be the login username)
   • Password: A secure password is auto-generated; modify if needed
4. Configure optional settings:
   • Phone: Add a contact number if needed
   • Language: Set the preferred interface language
   • Units: Set the preferred measurement system
   • Is Developer: Enable if the user needs developer access
5. Click Create
6. In the organization dialog, select which organization to associate the user with
7. Confirm the selection

The user can now log in using their email and password.