Zebrix Control provides a flexible and structured access management system, allowing permissions to be assigned according to a user’s role and the scope in which they are allowed to operate.

Access management is based on three fundamental concepts:

• Users – Individuals with an account in Zebrix Control.
• Roles – A set of permissions defining the actions allowed.
• Groups – The association of a role with a specific scope (location, equipment type, tags).

A user’s final access level is the combination of their role permissions and the scope defined by the group(s) they belong to.

• Apply the principle of least privilege
• Create roles aligned with business functions (Technician, Manager, Supervisor…)
• Use groups to segment access by area or responsibility

Roles define what a user can do within the application.

Menu: Administration > Roles

For each module (Equipment, Alarm, Incident, Location…), you can authorize:

• View
• Create
• Edit
• Delete
• Execute commands (for equipment)

A role defines the allowed actions, but not the scope where they apply.

Groups associate a role with a specific operational scope.

Menu: Administration > Groups

A group contains:

• A role
• One or more users
• Scope restrictions

A group can be restricted to one or several locations.

Example: A Proximity Île-de-France group may only operate on equipment located in Paris.

A group can be limited to specific equipment types or product ranges.

If no filter is defined, the role applies to all equipment within the selected geographic scope.

Access can also be restricted to equipment associated with specific tags.

This enables fine-grained segmentation (VIP equipment, Critical systems, Specific department…).

A user may belong to multiple groups.

In that case:

• Permissions are cumulative
• Scopes are combined

The user’s effective access corresponds to the union of all permissions granted by their groups.