Apply Inventory Roles to Assets Hierarchy

Hi All,

I have a question about how to correctly apply Inventory Roles to limit visibility within an assets hierarchy. I’d like to understand if this isn’t doable in Cumulocity or if there is some workaround.

Consider the following scenario:
I have created an assets hierarchy through the Digital Twin Manager, with 3 nested levels: House > Rooms > Devices
Then I defined 3 users and a single Inventory Role with full access to everything (type = *) with READ permission.
I’d like to obtain the following behavior:

  • User 1 has access (read-only) to the full hierarchy (house, rooms and devices)
  • User 2 has access (read-only) ONLY to Room 1 and its devices
  • User 3 has access (read-only) ONLY to Room 2 and its devices

I managed to give User 1 the right permissions by assigning the Inventory Role to the parent asset (House), which in turn is applied also to the children (all rooms and devices).
For users 2 and 3 however, it is not working. I assigned the same Inventory Role at Room level (instead of House), but when accessing the navigation menu the whole asset tree is no longer visible.

For example, when accessing as User 2, I was expecting to see the House asset in the navigation menu, and when expanding it, to see only sub-asset Room 1 (and its devices).

Is this a hard limit of Cumulocity? Are there any alternatives to get to the desired result?

Any help would be much appreciated

Thanks

What you’re trying to achieve should work fine. Just tested below scenario.

Is this the functionality you’re looking for?

@Korbinian_Butz1 I think what is expected is to also see the hierarchy at every level. House → Floor → Room. Am I correct @davidelh ?

The RBAC roles include the Assets they are assigned for. So if you don’t have read permission to “floors” you won’t see it in the navigation but just the rooms.

Yes, what @Stefan_Witschel is saying is right. In @Korbinian_Butz1's 2nd and 3rd examples, I’d also like to view higher levels of the hierarchy. So user 3, that is allowed to see only Room 2, should also view in the menu Floor 1 and Building entries (parents of Room 2), but should not see Floor 2 and Room 1 (of Floor 1).

As far as I understand, this is not possible unless the read permission is given at the higher hierarchy level (Building). But, since the role is inherited by all children, the user will always see the full hierarchy.
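The behaviour described in this thread, as an added example that is not part of the original posts and is not Cumulocity code: a small model in which a READ inventory role assigned on an asset covers that asset and its descendants but never its parents. The asset names beyond those mentioned in the thread (Room 3, Device A/B/C) and all function names are constructed for illustration.

```python
# Constructed hierarchy (child -> parent), following the Building > Floor > Room
# layout used in the replies. Room 3 and the devices are made-up sample assets.
PARENT = {
    "Floor 1": "Building",
    "Floor 2": "Building",
    "Room 1": "Floor 1",
    "Room 2": "Floor 1",
    "Room 3": "Floor 2",
    "Device A": "Room 1",
    "Device B": "Room 2",
    "Device C": "Room 3",
}
NODES = {"Building"} | set(PARENT)


def ancestors(node):
    """Return the parents of `node`, nearest first."""
    out = []
    while node in PARENT:
        node = PARENT[node]
        out.append(node)
    return out


def visible(grants):
    """Assets readable when the role is assigned on each asset in `grants`.

    Assumption taken from the thread: a grant is inherited downwards only.
    """
    return {n for n in NODES
            if n in grants or any(a in grants for a in ancestors(n))}


def navigation_roots(grants):
    """Topmost visible assets, i.e. where the asset tree starts for this user."""
    vis = visible(grants)
    return sorted(n for n in vis if PARENT.get(n) not in vis)


def overexposed(grants, intended):
    """Assets a user can read under `grants` beyond the `intended` scope."""
    return sorted(visible(grants) - visible(intended))


if __name__ == "__main__":
    print("User 3, role on Room 2:", navigation_roots({"Room 2"}))
    print("Extra assets if moved to Building:",
          overexposed({"Building"}, {"Room 2"}))
```

In this model, granting at Room 2 makes Room 2 the top of the user's tree, and moving the grant up to Building to reveal the parents exposes every sibling floor, room and device as well.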