Managing your i-Senses

If you have more than a few i-Senses, or if you want to share the data from your i-Senses with several other people, you may want to use the groups features of the i-Grid web site. Using these features, you can:

A principle of the i-Grid groups system is that permissions are given, not taken: that is, no one can acquire a permission unless a logged-in user with control over the permission explicitly grants it to them. All permissions are initially granted to the user who creates or registers a resource.

Users and User Groups

Data from one monitor may be useful to more than one person. The people who make use of that data may use it for different purposes, or at different levels of responsibility; or, there may be several different users filling the same role, perhaps on different shifts or perhaps due to personnel changes.

The simplest assignment of responsibility is for one person to have total responsibility for one or more monitors. To go beyond that, the first step is to create user groups for each differing role or responsibility; for example, one group for the plant maintenance workers, one for the corporate power quality group.

You can create groups and assign users in any order, and anything can be changed later, so feel free to start wherever seems easiest to you.

We recommend creating groups for each distinct role, so that you can assign permissions to groups rather than to individual users' logins. It makes it easier for a person to change responsibilities, and it provides a better record of the responsibility for any configuration changes. Along the same lines, we recommend against sharing site account logins among several people; it's better for each user to have a distinct login, and to use a user group for any shared permissions or privileges.

Each user can belong to several user groups, so you can divide access control up as finely as you like; the permission a user has for each monitor is the sum of permissions for all the groups the user is in.

Also, user groups can contain other user groups, with the effect that any permissions granted to a user group are granted to any users within that group, whether immediately or with several levels of nesting. In fact, a user group can belong to more than one parent group; the permissions for each parent group are granted to users in the child group.

Permissions

The purpose of user groups is to control permissions. The fundamental purpose of permissions is to control how a user can see and view a monitor. We have divided the possibilities into these permissions:

Permissions for an i-Sense Monitor

Administration
The user can grant and deny permissions.
Control (read/write)
The user can change the settings of a monitor, controlling its dialing and notification behavior, and change its name and location information.
Detail (read-only)
The user can see the identification information, including the name and the detailed location information, and full power quality data for a monitor.

Permissions for a Monitor Group

The interpretation of the various permissions alters slightly when applied to a monitor group, rather than an individual monitor. For monitor groups, the various permissions mean:

Administration
The user can grant and deny permissions for this monitor group (but not for any contained monitor or monitor group).
Detail (read-only)
The user can see the monitor group: it will appear in generated lists of monitor groups, and the user will be able to type the name of the monitor group into monitor group entry fields. In addition, the user is implicitly granted detail permission for every monitor and monitor group within this one.

Note that without this permission, the user will not know of the existence of the monitor group.

Permissions for User Accounts

There are also permissions settings for user accounts:

Available for sharing
Other users can see the user account name and grant permissions to it, but cannot see any account details. This permission allows others to share monitors and monitor groups with the account.
Private
The user is private and hidden. Other users will not be able to share monitors or monitor groups with the account.

Implied Permissions

Certain permissions imply others; specifically, administration permission implies all other permissions, and control permission implies detail permission.

Default Permissions

The user who creates an entity is initially granted all privileges, including the administrator privilege (which confers the right to grant privileges). When a user login is created, there is a default monitor group created named "The i-Senses of username"; any monitor that this user registers is initially made a member of this default monitor group. The user can re-name this default monitor group, and can remove monitors from it without losing access to the monitors. The user can also create other monitor groups and user groups at will.

When an entity is created, the initial assignment of permissions is that the creator has all permissions (including administration), and no one else has any permissions. The exception is monitors, where the initial configuration on registration is to grant anonymous read-only permission to public, permitting everyone to see limited non-identifying power quality information from the monitor.

In order to grant permissions to a user you must be able to see that user, which you cannot do in the default initial state, where no permissions are granted. Therefore, in order to get the process bootstrapped, someone must select their user as available for sharing so that other users can grant permissions to it.

Monitors and Monitor Groups

Each i-Sense monitor is uniquely identified by the serial number printed on its nameplate, and may also be given a more helpfully mnemonic name. Each monitor is registered by a site user to their own account, and is initially administered by and visible to that user account.

Each monitor can be assigned to one or more monitor groups.

Like user groups, monitor groups can contain other groups, with the same interpretation: a monitor group contains any monitor directly in the group and any monitor in any group contained, at any level of nesting, in the initial group.
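The rules described above (nested user groups, permissions summed across groups, implied permissions, and detail permission inherited from a monitor group) can be checked with a small model when auditing who can reach a monitor. This is an added example, not i-Grid code: the group names, the serial number and the data layout are hypothetical, and it assumes that administration on a monitor group yields only detail on contained monitors, by way of the implied-permissions rule.

```python
# Added illustration, not i-Grid code. All names and data are constructed.
IMPLIES = {  # administration implies everything; control implies detail
    "administration": {"administration", "control", "detail"},
    "control": {"control", "detail"},
    "detail": {"detail"},
}

def ancestors(node, parents):
    """Return node plus every group containing it, at any nesting level.
    The seen set also makes an accidental membership cycle harmless."""
    seen, stack = set(), [node]
    while stack:
        cur = stack.pop()
        if cur not in seen:
            seen.add(cur)
            stack.extend(parents.get(cur, ()))
    return seen

def effective_permissions(user, monitor, user_parents, monitor_parents, grants):
    """Sum the grants reaching `user` (directly or through nested user
    groups) on `monitor` or on any monitor group that contains it."""
    principals = ancestors(user, user_parents)
    perms = set()
    for target in ancestors(monitor, monitor_parents):
        for (principal, granted_on), granted in grants.items():
            if granted_on != target or principal not in principals:
                continue
            expanded = set().union(*(IMPLIES[p] for p in granted))
            if target == monitor:
                perms |= expanded      # grant made on the monitor itself
            elif "detail" in expanded:
                perms.add("detail")    # a monitor group passes down detail only
    return perms

# Constructed sample: child -> list of parent groups (several parents allowed).
USER_PARENTS = {"alice": ["night-shift"], "night-shift": ["plant-maintenance"],
                "bob": ["corporate-pq"]}
MONITOR_PARENTS = {"SN-0001": ["line-3"], "line-3": ["plant-a"]}
# (user or user group, monitor or monitor group) -> permissions granted
GRANTS = {("plant-maintenance", "SN-0001"): {"control"},
          ("corporate-pq", "plant-a"): {"administration"}}

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, sorted(effective_permissions(
            user, "SN-0001", USER_PARENTS, MONITOR_PARENTS, GRANTS)))
```

Here the user with group administration on the outer monitor group ends up with detail only on the monitor, and a user with no grant gets nothing, which matches "permissions are given, not taken".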

Usage

The "Manage My i-Senses" part of the i-Grid website, which is accessible only to users who are logged in, has pages that list the monitors, monitor groups, and user groups accessible to the user. Within those lists, the name or number of each entity (monitor, monitor group, user, or user group) is generally a link to a detailed information page for that entity. If the logged-in user has sufficient permissions, the detailed page has editable fields that can be saved back to the i-Grid server.

The list pages also have entry lines that can be used to create or register new list items. Monitors can be added to groups by typing the monitor's serial number into the monitor list; similarly, monitor groups can be added to monitor groups by typing the monitor name into a text field in the monitor group page, or by selecting the monitor group name from a menu.

The detail page for a monitor group shows the list of monitors and the list of monitor groups contained in the group; new monitors can be added by serial number, new monitor groups can be added by name. There is also a panel showing the permissions granted for this monitor group, if the user is an administrator for the monitor group.

The detailed information for an individual monitor, which includes the monitor location and name, is visible only to users who have been granted detail permission for that monitor (directly or indirectly). The settings can be changed by users who have been granted control permission.

The detail pages for each monitor have a table that gives control over the privileges for the monitor; privileges can be granted to an individual user or to a user group.

Similarly, users and user groups can be added to user groups by selecting them from the lists of available users and groups. The detail pages for a user group show the current list of members.

The detail page for the user, which is available only to the user themselves, shows account and personal information.