Users and Groups

what are users and groups? users are people who access factry historian to view, input, or configure data groups are collections of users who share the same permissions within a specific organizations docid\ ie9bm zmn69tumtdfngbk in factry historian, users are assigned to groups per organization , and those groups define what they can access and do within that scope this page only applies to factry historian grafana users and groups are managed separately, with their own authentication and permission model why does it matter? factry historian is used by different roles (e g operators, engineers, the quality function, or it admins), each with different access needs groups make it possible to control access consistently and apply the principle of least privilege how does it fit in the system? per organization model each organization has its own set of groups all permissions are scoped per group a user can belong to different groups in different organizations , and therefore could have different permissions in different organizations there are no cross organization permissions or global roles example user giana solomon\@example com can be an operator in ghent brewery an admin in antwerp packaging not assigned to any group in bruges r\&d (and has no access there) group permissions groups define what users can do, such as reading and/or managing assets, collectors, events, manual entry forms, etc reading and/or managing audit logs, settings, and task schedulers reading and/or managing user groups and privileges reading and/or managing time series databases or external databases users inherit all permissions from the groups they belong to permissions are never assigned directly to users authentication options factry historian supports multiple authentication methods built in authentication managed entirely in historian, with local passwords ldap login against (local) ldap hosts azure entra id (formerly azure active directory) login with microsoft work accounts using oauth google oauth login using google workspace or gmail accounts when using ldap (with user groups) and/or azure entra id (with security groups), users' groups can be mapped to groups in factry historian automatically in the case of built in authentication or google oauth , users are assigned groups manually when you use it use the user and group model in factry historian when governing access to various settings in factry historian separating access and persmissions across organizations, production sites or divisions common misconceptions groups in one organization do not apply to another each organization manages its own group list and permissions authentication itself confirms a user’s identity, but it does not determine access grafana and factry historian access must be managed separately users who are not in any group for a given organization cannot access factry historian at all best practices keep group definitions aligned with job roles (e g , operator, engineer, admin) use external authentication when possible for easier user management review group memberships regularly and deactivate users who no longer need access document group permissions clearly, especially in multi org environments more information creating a user group docid\ iakxb5tnu0kdtuxko6i6w creating a local user docid\ psmmi93e4xutd2zxcqyna