Administrator users can assign access permissions in IT Expert based on locations in the organization and roles.
-
Click Administration > Groups.
-
Click Add group to create one or more groups in addition to the default Administrators and Users groups.
Note: If you use SAML SSO, you must also create exactly the same groups in your identity provider if you create groups in IT Expert. For more information.
See Configure SAML single sign on (SSO) in IT Expert
-
Select a group and click Add locations.
Locations are hierarchical; locations inherit the role of the parent location. Sublocations cannot have more restrictive permissions than the parent.
- Assign at least one role to each location. Roles apply to all group members.
idea_icon_4409313154961.png Click Show to see a brief description of the user roles available in IT Expert.
-
Click Edit members to add one or more members to the group.
-
Click a user on the left to add that user to the list of group members on the right, or click a user on the right to remove that user from the list of group members.
When a user is a member of multiple groups, their permission the least restrictive role of all the groups.
ITE_groups_tab_4409313154961.png
Roles
Changes to roles and permissions, October 2023
- The Operator role was introduced.
- Access to move devices was removed from the Editor role.
- Access to create, remove, or edit locations was removed from the Editor role and is now included the Operator role.
|
Click Show to see a description of the user roles available in IT Expert.
Roles apply to all group members.
The Administrator role is global, with full access to IT Expert features in all locations.
The Operator role allows access to all features in selected locations. Operators cannot manage the call list or manage Administration.
The Editor role allows access to some features in selected locations.
The Viewer role allows view access to selected locations. Viewers can acknowledge alarms.
Note: The default Users role allows view access to all locations.

Note: You can view or modify a user's group membership, and view the locations and roles defined by that user's group membership, on the Users tab.
Permissions known issues
-
Viewer access to the Alarms and Active Lifespan Alarms assessments is available only when the Viewer user has permissions for all locations.
-
Operators, Editors, and Viewers can export assessments to CSV only when the user has permissions for all locations.
-
Alarms can be assigned to anyone in the organization including assignees who may not have permission to view them.
-
When All locations is selected, the contact list for the entire organization is displayed even though the user may not have access to the entire organization.
-
Asset Advisor customers get a daily push notification to the EcoStruxure IT app with information about new tickets and the number of alarms in the entire organization regardless of user role and permissions.
- SSO users configured manually before the ITE SSO feature was introduced must now send information for group(s) including Users (non-admins).