You can group assets, sensors, network devices, and bridges using the Organization Hierarchy.

Alert: Cisco has made the end-of-life (EOL) announcement for the Cisco Industrial Asset Vision (IAV).

Create an Organization Hierarchy

Refer here to create an Organization Hierarchy.

In IAV, to view the Organization Hierarchy screen:

  1. From the left pane, click Configuration > Organization.
  2. In the right pane, click the Organization Hierarchy tab.

The left section shows the hierarchy with different levels and only the levels accessible to the currently logged-in user are shown in bold text. The number next to a level is the Alerts count for that level which by default shows the aggregated alerts count (count of alerts on that level and the levels below). Selecting a specific level in the hierarchy will filter the data and values of the entities present under that hierarchy level and all of its child levels. The filtered entities and the alerts associated with these are displayed in the right section of the page. Clicking on the total Assets, Sensors, Network Devices, Bridges and Alerts takes you to the respective pages. In those pages, the level that you select in the Organization Hierarchy page will be pre-selected automatically. This persists across logins as long as you use the same browser. The right pane also shows the Access Control Groups and the number of assigned users based on the selected Organization Hierarchy level.

The Organization Hierarchy pane can be collapsed.

Add Access Control Group

Users can be given access to specific levels of the Organization hierarchy using Access Control Groups. Based on the Organization levels that a user has access to, they will be able to view the associated entities (assets, sensors, network devices, bridges) that are present under the hierarchy level and its child levels.

Note: This is enabled only to the IT Admins, Tenant Admins, and the users who have Organization Hierarchy User Management related permissions as part of a custom role.

There are 2 system-defined ACGs:

  • Full Admin—Users with Tenant Admin or IT Admin roles are associated automatically with the Full Admin ACG when they log in. In this ACG, they will have access to the Global level (root level) of the hierarchy, which would also give them access to all the child levels and their associated entities.
  • Limited Access—The users in this group can access only two levels-Unused and Public. Users with roles other than the Tenant Admin or IT Admin are assigned the Limited Access ACG. This ACG gives the users access to only the Unused and Public Organization levels. To get proper access, the Tenant Admin should assign appropriate ACGs to these users.

To create an ACG:

  1. From the left pane, click Configuration > Organization.
  2. In the right pane, click the Access Control Groups tab and then click Add Access Control Group.
  3. Enter the name of the group in the Access Control Group Name field.

    Note: You cannot enter Full Admin or Limited Access as the group name.

  4. Select the users to be added to the group from the Assign Users drop-down list.

    Note: Only the list of non-Tenant Admins is shown in the drop-down list.

  5. Select any level (any parent level or a child level) to assign a hierarchy level to the group in the Assign Organization Hierarchy section. You can also search for a level in the Find Hierarchy search field. Start typing to narrow the options.
  6. Click Add.

Manage an Access Control Group

View an Access Control Group

  1. From the left pane, click Configuration > Organization.
  2. In the right pane, click the Access Control Groups tab and then click on a group name under the Access Control Names column. OR
  3. From the left pane, click Configuration > Organization.
  4. In the right pane, click the Organization Hierarchy tab. When you select an Organization hierarchy level, the ACGs associated with the level will be displayed in a list in the right pane. For each ACG the count of users assigned to the ACG will also be displayed in the right pane. In this list, the ACGs that you have access to will have a hyperlink and when you click on it, the details of the ACG will be displayed.

Edit an Access Control Group

Note: The 2 system-defined ACGs-Full Admin and Limited Access cannot be edited.

  1. From the left pane, click Configuration > Organization.
  2. In the right pane, click the Access Control Groups tab.
  3. In the row of the ACG that you want to modify, click Edit under the Actions column.
  4. Make the required changes and click Update.

Delete an Access Control Group

Note: The 2 system-defined ACGs-Full Admin and Limited Access cannot be deleted.

  1. From the left pane, click Configuration > Organization.
  2. In the right pane, click the Access Control Groups tab.
  3. In the row of the ACG that you want to modify, click Delete under the Actions column and click Yes when prompted.

View and edit users

You can view the list of all the users within the tenant and the ACGs that they are associated with. You can move or add them to other groups. When new users are added to a tenant they are synced automatically when an admin user navigates to this tab. Based on the role that has been configured for the user, they would also be assigned to appropriate ACGs. You cannot edit the users that belong to the Full Admin and Limited Access groups.

Note: This is visible only to the IT Admins, Tenant Admins, and the users who have Organization Hierarchy User Management related permissions as part of a custom role.

  1. From the left pane, click Configuration > Organization.
  2. In the right pane, click the Users tab.
  3. Click on a user's email under the Email column. This shows the user's details (email and the ACG they are in).
  4. In the row of the user's email that you want to modify, click Edit under the Actions column.
  5. Make the required changes and click Save.