OT-BASE Asset Center features a strong authentication regime in order to support one central database that is accessed by many users in different roles. To access data, you must be authenticated, regardless of whether the access occurs via the user interface or via the REST API. Access can be limited in various ways:
- access only parts of the asset inventory, e.g. only assets located at a particular site
- read-only vs. read/write access for parts of the asset inventory
- access to asset metadata such as location and OT system related data.
Dedicated accounts vs. Single Sign-On
Authentication can be accomplished in two different ways: either by matching access credentials against user data maintained inside the integrated user management, or by matching access credentials against an LDAP server, such as Microsoft Active Directory. In the latter scenario, you don't necessarily need to maintain individual user accounts inside Asset Center.
The exception is the dedicated administrator account, which can only be maintained directly in the built-in user management, and which exists by default. The administrative account has unlimited access rights, including access to the MAINTENANCE section in the menu. The only setting that can be changed for the administrator account is the password.
All access rights are managed via user groups, even if there is only one user. This is also the reason why you cannot add a new user account without associating that account with a user group, which has to exist in the first place.
Therefore, before populating your user database, start with defining user groups.