Access control

Access control of users in the system is granted by eLEAF. It has three components:

  • Cognito access
  • Farm-based access
  • Customer-based access

Terms

Customer
the organization that pays for the use of Fieldlook
Customer user
a member of the customer organization
Customer user group
a group of users with a common function
Farm group
a group of farms that belong together

Cognito access

Cognito is an Amazon Web Services (AWS) service that controls user accounts. It can also be used to place users in privilige groups. The following groups are available in Fieldlook:

  • eLeafAdmins: For eLEAF employees only. Enables access to everything in the platform. Shows the Admin area menu.
  • clientAdmins: Enables all of decision support. Shows menus Field alerts, Field actions, and Rules
  • Expert: Enables decision support configuration. Shows Rules menu
  • DecisionSupport: Enables decision support use. Shows menus Field alerts and Field actions
  • Regular: Basic access to the platform. Shows menus Map and List. All users have basic access, so this group is not really needed. It just makes access more explicit.
  • Guest: This user has read-only access to the platform (the parts specified by the user's other groups). All changes the user makes to the platform are local and will be undone the next time the website is synced. The group should only be used for demo-accounts, to preview the platform's functionality.

Farm-based access

Access to fields is granted on a farm level. When you have access to a farm, you'll have access to all it's fields. Since the platform allows the management of multiple farms, access is currently given on a farm group level.

The following schema shows how users get access to their fields:

Customer user -> Customer user Group -> Farm Group -> Farm -> Fields

Each user belongs to a user group. Users groups are assigned to farm groups. A farm group consists of multiple farms, and a farm can have multiple fields.

Access is granted by assigning customer user groups to farm groups.

Customer-based access

The following resources are specific to a customer, and are only available to that customer:

  • Customer user groups
  • Farm groups
  • Alerts and alert types
  • Rules
  • Action types and actions

As a user you are usually placed in a user group of a single customer. But this is not required. Some users are associated with multiple customers.