Decide which user Security Roles will be needed for your users.
In Atheer, a security role defines permissions for users to perform a group of tasks.
In an out-of-the-box Atheer installation, there are 12 predefined roles with predefined sets of permissions.
These roles include Super User, User Admin, Content Admin, Insight Admin, System Admin, AiRSession Admin, and User. Each role has a certain number of set tasks it is allowed to perform that are known as “capabilities”.
The Super User has the highest level of access while the User has the least. The User role, for example, only allows the user to read content and participate in AiRSessions and Conversations but not create or manage any other resources.
There are 12 out-of-the-box security roles in Atheer Studio that can be assigned to users:
- AiRForm Admin: This role has the ability to create, read, update, delete, and assign AiRForms. These privileges extend to all AiRForms irrespective of the author.
- AiRSession Admin: This role has the ability to create, read, update, and delete AiRSessions. These privileges extend to all AiRSessions irrespective of the author.
- Content Admin: This role has the ability to create, read, update, delete, and assign Content. These privileges extend to all content irrespective of the author.
- Insight Admin: This role has the ability to access system insights, dashboards, and reports.
- Job Manager: This role has the ability to create, read, update, delete, assign, and close jobs. These privileges extend to all jobs irrespective of the author.
- Job Technician: This role has the ability to self-assign, perform, and complete jobs.
- SmartFlow Admin: This role has the ability to create, read, update, delete, and execute SmartFlows. These privileges extend to all SmartFlows irrespective of the author.
- SmartScan Admin: This role has the ability to create, read, update, and delete SmartScans. These privileges extend to all SmartScans irrespective of the author.
- Super User: This role has full and complete privileges to manage every feature of the Atheer FrontlineOS.
- System Admin: This role has the ability to manage workspace level system settings including audiences, integrations, notifications, webhooks, SSO, and APIs.
- User: This is the end user role. This role has the ability to access content and other resources (AiRForms, SmartScans, etc.) made available to them as an individual or as part of an audience. This role can also create, read, update, and delete Conversations and AiRSessions. The ability to self assign and perform jobs is provided by the separate Job User role.
- User Admin: This role has the ability to create, read, update, and delete Users and Audiences.
- All accounts must have the “User” security Role.
- The “Super User” role has ALL Security Role permissions.
- Security Roles must be assigned directly and individually to user accounts.
Once you have decided which users get which User Security Roles based on the users’ role on the Atheer system, you can create those user accounts (see article: Adding and Uploading/Importing Users).
Decide on the “Audiences” (user groups) you will use to separate Content, AiRForms, SmartScans.
Atheer Studio separates users into user groups known as “Audiences”. These Audiences are used to give users permissions to:
- View Content
- Access AiRForms
- Access SmartScans
Users can be assigned to Audiences directly by their user account (static assignment) , or through their user account’s association with the user account data fields (dynamic assignment). Dynamic assignment is preferable, as it eliminates the need for accessing and changing each Audience when changes are made to a user’s access.
To create dynamic assignments, first, decide how you are going to separate your users. Some of the common ways to separate users are:
- The job they do
- Their location
- Their Language
- Their skill sets
- Their email addresses (or parts of them such as the domain)
- Their Security Role
Once you decide how you are going to separate them, you can decide which user account data fields you are going to use. Here are some of the common user account data fields that can be used for dynamic Audience assignment:
- Job Title
- Job Role
Now, work out the design details for your Audiences. Note the Audience design example in Figure 1, below. The title of the Audience is associated with the user account data field that will be assigned to it.
Figure 1. Example Audience Design for Squadron 3 at Reid Hillview Airport
Once the Audience design is layed out, it is perfectly simple to deploy the design in Atheer Studio. (see article: Managing Audiences) (See Figure 2)
Figure 2. Example of the deployment of the Squadron 3 Audience scheme
Once the Audiences are properly configured, modify the user accounts and enter the information in the user data fields that will be used to associate the user accounts to the Audiences (see Figure 3, below).
Figure 3. Example of designing user data fields to match the Audience scheme
Decide on the “Topic” (folder) scheme for your content.
Content can be separated into different folders, or Topics, in the Atheer Lens app to make browsing through Content easier. We recommend that you follow the following best practices for creating and managing Content and Topics:
- There are Parent Topics and Subtopics
- All content should be assigned to a Topic or Subtopic.
- There is only 1 level to the parent/subtopic hierarchy.
- Use Naming Conventions to keep Topics and Sub-Topics grouped properly.
See Figure 4, below for an example of a Parent Topic/Subtopic hierarchy.
Figure 4. Example of using the 1-level Parent topic/Subtopic hierarchy and good
Topic naming convention to organize and manage Topics
Once you have your Topic/Subtopic scheme designed, implement that design in the Atheer Studio. (see article: Content Management Overview) (see Figures 5 and 6).
Figure 5. Atheer Studio Topics creation and management page
Figure 6. Parent Topic and Subtopic relationship configured in Atheer Studio and how
the “Visible To” field is where you select the Audience that is able to view the topic
Confirm that the Topic/Subtopic scheme is working.
Now that you have the Topic/Subtopic scheme configured, the Audience scheme configured, and the user accounts configured, you can sign into the Atheer Lens app on a mobile device and test that everything appears as it should (see Figure 7.).
Figure 7. Two different users of the Atheer Lens app see two different sets of Topics
In our Squadron 3 example case above, you can see that Steve Mechanic’s Role is “Mechanic”, and his Location is “RHV”, so his app shows him the Piper Aircraft, Cessna Aircraft, and RHV Airport Information Topics. Stacy Manager’s role is “Airport Manager”, and her location is “RHV”, so she only sees the RHV Airport Information Topic, because her “Airport Manager” role is not assigned to a Topic.
Now, all content that is created and assigned to these topics will be seen when the users tap the topic buttons on their screens.
When you create your AiRForms, assign them to the proper Audience.
Now that you have your Audience scheme configured, you can use Audiences to grant access to AiRForms.
As you configure your AiRForm, please consider the following best practices:
- Use the same Audience list that you used for Content to dynamically assign AiRForms.
- Do not assign AirForms to the Everyone Audience, even though it is one of the options.
- AiRForms should be assigned to specific Audience(s) based on your design of which group or groups of users you want to access them.
Figure 8, below, shows where in the AiRForm configuration Audiences are assigned.
Figure 8. Audience assignment in the AiRForms configuration
When you create your SmartScans, assign them to the proper audience.
You can also use your Audience scheme to grant user access to SmartScans.
As you configure your SmartScans, please consider the following best practices:
- Use the same Audience list that you used for Content to dynamically assign SmartScans.
- Do not assign SmartScans to the Everyone Audience, even though it is one of the options.
- SmartScans should be assigned to specific Audience(s) based on your design of which group or groups of users you want to access them.
Figure 9, below, shows where in the SmartScan configuration Audiences are assigned.
Figure 9. Audience assignment in the SmartScan configuration
If you have any further questions, please feel free to reach out to our customer success team right here.