Organization of employee rights

Introduction

The document describes an example of functional organization of authorizations and division of responsibilities within the maintenance system (AMAGE Maintenance). Some general division of the functional scope and division of responsibilities has been adopted in medium-sized enterprises, where there is already a division into responsibilities

Division of people in the plant - scope of maintenance

Typically, in such plants, we have a division of responsibility into the following industries: mechanical, electrical and automatic.

Each of these teams is usually a manager of a given industry and line workers who deal with technical work and maintenance of equipment.

In addition, in plants with continuous operation, we have a control room/process supervision, which deals with the implementation of the main technological process and is usually responsible for the supervision of the process, ongoing control of devices and is a source of information about faults for technical teams. It consists of the control room manager (in a given shift) and control room employees supervising specific processes/functional scopes.

The last group is usually a significant group of subcontractors (service companies), which, due to their specialization and technical knowledge, have the skills, authorizations and organizational permits (from the device manufacturer) to carry out repairs and service and post-service inspections. Access to the plant is granted to a group of people who appear in the plant during repairs/maintenance of machinery and equipment subject to specific legal/organizational requirements.

In addition, there is a team of people outside the above-mentioned groups, who are support people, purchasing teams, warehousemen, traders, etc. Including people from senior management. Typically, these people may want to have access to view data in the maintenance system - due to the need to report or use this data in their duties.

Access profiles and their organization

In terms of functionality, the AMAGE system has a number of modules to which access can be defined. Usually, for individual sections of the module, we define a set of four permissions to determine access:

  • VIEW – the ability to enter a given module and view data

  • CREATE - the ability to create a new record (e.g. a service event)

  • EDIT – the ability to edit an existing record (e.g. device/resource)

  • DELETE - the ability to delete a record in the system (e.g. an already performed inspection)

In addition, specific authorizations may exist for individual modules, which result from the specific functionality of the module and its features. For example, in the module for recording production parameters, it is possible to block data modification for a given month. A separate authorization has been created for this function, because usually only one person in the plant has such an authorization - he/she verifies the correctness of data for a given month and has the authorization to close a given parameter before its further modification.

The available modules (not all!) of the AMAGE Maintenance system include (for example):

  • Data structure (resources, element types, locations, functional groups)

  • Service Requests

  • Inspections and inspections

  • Technical rounds

The scope of AMAGE Energy Production includes:

  • Production data

  • Environmental protection (integrated permit)

  • Orders/Delivery

  • Finance (invoices, controlling)

  • Warehouse

Inspection module - example of permissions

In each of these modules we have a set of functional modules. For example, the Inspection and inspection execution module is divided into:

  • Inspection Templates

  • Inspection plans (schedules)

  • Inspection performance

When defining permissions, we can approach it in such a way as to define sets of functions in access profiles that allow you to perform a specific action on a selected module (entire) or a selected part. Therefore, you can define three access profiles for this module:

  • Inspections - viewing - only access to the module, no possibility to edit any functions and modify data

  • Inspections - creation, editing - the ability to create, execute and edit an inspection (for templates)

  • Inspections - deletion - the ability to delete records. This protects against data loss and disappearance. Only the manager can delete records.

In a given profile, we define only a given scope of functions. So in "view" only functions related to browsing (access) WITHOUT editing functions, etc.

Once these permission profiles are defined, we can assign profile sets to the following people:

  • for a person from the office who is to have an inspection preview - only the "Inspections - viewing" profile

  • for an employee who needs to perform inspections, we add TWO profiles "Inspections - viewing" and "Inspections - creation, editing"

  • for the maintenance manager, who should have full control - all three profiles

This approach allows for quick modifications of permissions. Please note that each person owns these sets of profiles. So, when editing profiles, we can only modify the permissions for one person so that, for example, we can add the "Edit" profile to them, which will allow them to edit data in addition to viewing.

The Howto is based on system version 1.17.0.2 (03.2022) and presents features that may not be available in your system. Ask AMAGE about making this functionality available.
Due to ongoing development of the system, some screens or configuration files may look slightly different, but will still retain the full functionality described here. This does not affect the core functionality described in this document.