Authorization
Authorization in Seeq
Authorization in Seeq controls who can do what with which items. Every object you create or access in Seeq, such as a signal, condition, workbook, or datasource, follows the same underlying authorization model. This page introduces the key concepts of authorization in Seeq and helps you choose the right topic to learn more about permissions, scope, and inheritance.
Key Authorization Concepts
Authorization in Seeq is built on a set of concepts that work together to control who can do what, with which items, and where those items appear.
Concept | What it Means | Why it Matters |
|---|---|---|
Items | Everything you can see or share in Seeq, such as signals, conditions, workbooks, and topics, is an item. Each item is a distinct authorization boundary. | Permissions are always defined at the item level. |
Permissions | Define what a user can do with an item: Read (view and search), Write (edit or rename), and Manage (control access, delete, or change scope). | The combination of permissions determines what actions are allowed. |
Scope | Defines where an item is visible. Most items are locally scoped (only visible within their workbook or analysis). Some items may be globally scoped so they can be found across Seeq. | Scope controls discoverability and visibility across workbooks. |
Inheritance | Determines how permissions are passed from parent objects like datasources, folders, or workbooks to their child items. A user receives the most permissive access from any source. | Inheritance reduces administrative overhead and keeps access consistent. |
Datasource Permissions | When items come from an external datasource (like a historian or database), that datasource may apply its own access rules. | Users might not see or be able to find data if the datasource restricts it and the connector is configured to replicate entitlements. |
Derived Items | Derived items such as calculated signals, calculated conditions, or Organizer topics created from other items do not retain the permissions of their inputs. They are independent items with their own access rules. | Derived items are independent pieces of content so they can conveniently shared without requiring the raw data be accessible. Always verify that what you are sharing is appropriate. |
Together, these concepts ensure Seeq remains secure while allowing users to collaborate and build upon shared analyses without needing to manage permissions for every single object individually.
Typical Scenarios
If you want to… | Go to… |
|---|---|
Understand why you can or can’t see a particular item | |
Understand the types of items | |
Keep permissions consistent across item types | |
Control access to data from a remote historian or datasource | |
Grant or revoke programmatic access for integrations |