Domain roles and domain groups

When you create a new domain, only a locked

Admin

group is created automatically. Any newly created users or users invited to join an organization belong to the domain root folder.

NOTE: The

Admin

group has full permissions on all resources of the domain.

As a locked group, the

Admin

group has several restrictions:

You cannot move a locked group from a root folder.

You cannot modify the locked group permissions.

You cannot edit the locked group name.

No other groups can share the locked group name.

You cannot add users to a locked group or remove them from it. You can do so in FactoryTalk Hub, and the modification is automatically mirrored in FactoryTalk Remote Access Manager.

Other domain groups

Users previously belonging to the

Owner

group in FactoryTalk Hub are moved to the

Admin

group.

Users previously belonging to the

Administrator

group in FactoryTalk Hub are moved to the

Admin

group.

Users previously belonging to the

Contributor

and

BillingAdmin

groups in FactoryTalk Hub are moved to the domain root folder.

User groups mapping
User group in FactoryTalk Hub	Converted user group in FactoryTalk Remote Access Manager	Notes
Owner	Admin	Admin users have full permissions on all resources of the domain
Administrator	Admin	Admin users have full permissions on all resources of the domain
BillingAdmin	no group, belongs to the domain root folder	BillingAdmin can be assigned defined roles and privileges within the organization by administrators. BillingAdmin permissions can be changed.
Contributor	no group, belongs to the domain root folder	Contributors can be assigned defined roles and privileges within the organization by administrators. Contributor permissions can be changed.

Once you have invited users to your organization, you can customize their permissions.

NOTE: See Domain user permissions to learn more about this subject.

Time-limited users accounts

For each user account, you can set an

Expiration date

to determine the account deactivation date. Every connection attempt with the expired account will be rejected once the expiration date has passed. The account will not be deleted and its password will not be invalidated, however, the account will not be accessible until the account is reactivated.

Only users with

Admin

Manage User Accounts

permissions can set or modify the

Expiration date

of a user account.

Creation of a domain and management of related entities

Provide Feedback

Have questions or feedback about this documentation? Please submit your feedback here.