Answer
Jan 20, 2021 - 01:01 PM
Yes - I think there are 3 questions here.
1) What a user can see.
2) What they can do
3) Automatically Authenticate
Question 1 - What they can see.
This is controlled via categories. Everything belongs to a category, they are the pages you see in the dashboard, i.e.
But more than this every, layout, chart, filter, data connection and object in a data connection belongs to a category.
Put simply a user will only see content that is in categories that they have access to. Now you can either allocate categories directly to a user, or you can allocate through roles.
This is all controlled in the configuration area (you'll need to be an admin for this).
Navigate to the User Access panel.
Then select your user.
Then you can either select to roles you would like them to have
Or you can directly grant the categories.
But it’s always best practise to control through roles.
Question 2 – What can they do?
This is achieved through the users type and privileges. 
As you increase the users type from viewer to administrator the number of privileges available to you also increases.
You can also provide privileges based on roles.
NOTE: a user can never have privileges that their type does not allow. When you also provide privileges through roles then the user gets the best of the combined access of all roles that are allocated to them and their own privileges.
Question 3 – Automatically authenticate.
There are two main methods used by pi customers (there are others get in touch if these don’t work for you)
Firstly, using an external auth provider, i.e. office 365, google etc.
On the user account there is an allows external login option, this is used in conjunction with Oauth credentials in the configuration panel. 
Alternatively, you can call the API to authenticate and make requests to pi passing the token which then know who the user is.
Add New Comment