User Roles & Permissions
S-MA-C-H has three distinct user roles, each with specific permissions and responsibilities.
Role Overview
1. Super Admin (S-MA-C-H Experts)
Who: S-MA-C-H company staff (Cécilia, technical team, conservation scientists)
Responsibilities
- Overall system administration
- Create and manage organizations (museums, institutions)
- Manage datalogger product catalog
- Execute monitoring on-site (using StaRT mobile app) - same permissions as Administrator
- Provide expert support to organizations
- Analyze monitoring data
Most Likely StaRT Users
Super-admins are S-MA-C-H experts and are the most likely users of the StaRT mobile application for on-site monitoring execution (Setup, Start, Stop).
Same Monitoring Permissions as Administrator
Super-admins have the same permissions as Administrators for artworks and monitorings. The only difference is scope: Super-admins can access all organizations, while Administrators can only access their own organization.
What They Can Do
| Area | Permissions | Scope |
|---|---|---|
| Organizations | Create, view all, edit all, delete | All organizations |
| Users | Create, view all, manage all | All organizations |
| Collections & Artworks | View, create, edit, delete | All organizations |
| Artworks | View, create, edit, delete, configure | All organizations |
| Monitorings | Setup/start/stop (StaRT), analyze | All organizations |
| Devices | Manage catalog, view all inventory | All organizations |
| Inventory | View and manage inventory (loggers, sensors, packaging) | All organizations |
| Data | View all logs and analytics | All organizations |
Typical Actions
- Create new museum organization
- Create first administrator for organization
- Manage datalogger models in catalog
- Execute monitoring using StaRT mobile app (Setup, Start, Stop - same as Administrator)
- Configure sensor thresholds for artworks (same as Administrator)
- Analyze monitoring data and add expert comments (same as Administrator)
- View system-wide metrics
- Provide technical support
2. Administrator (Museum/Organization)
Who: Museum directors, collection managers, administrative staff
Responsibilities
- Manage organization's operations
- Invite and manage users (viewers)
- Order and manage datalogger inventory (full access)
- Create and configure artworks for monitoring
- Execute monitoring using StaRT mobile app (same permissions as Super-Admin)
- Oversee and monitor artworks
- Analyze monitoring data
Same Monitoring Permissions as Super-Admin
Administrators have the same permissions as Super-Admins for artworks and monitorings. The only difference is scope: Administrators can only access their own organization, while Super-admins can access all organizations.
What They Can Do
| Area | Permissions | Scope |
|---|---|---|
| Users | Invite, manage roles | Own organization |
| Collections | Create, view, edit, delete | Own organization |
| Artworks | Create, view, edit, delete, configure | Own organization |
| Monitorings | Setup/start/stop (StaRT), analyze | Own organization |
| Devices | Order, view inventory | Own organization |
| Inventory | View and manage inventory (loggers, sensors, packaging) | Own organization |
Typical Workflow
1. Create Artwork (Web):
- Define artwork details
- Assign inclosure (static protection)
- Assign crate (transport protection)
- Configure base thresholds (temperature, humidity, vibration)
- Configure recording frequency
- Create monitoring checklist
- Submit (status:
Draft→Ready)
2. Setup Monitoring (StaRT Mobile):
- Press "Setup":
- Select monitoring type:
static(museum) ORtransport(movement) - Auto-detect dataloggers via Bluetooth (Logger + Sensor pairs)
- Review/adjust configuration
- Push config to dataloggers
- Select monitoring type:
- Creates monitoring (status:
Pending) - Artwork status:
Ready→Standby
3. Start Monitoring (StaRT Mobile):
- Press "Start":
- Start dataloggers recording
- Push start event with GPS + timestamp
- Monitoring status:
Pending→InProgress - Artwork status:
Standby→Monitoring
4. During Monitoring:
- Monitoring collects events:
- Alerts (threshold violations)
- Positions (GPS tracking if transport)
- Notifications (v1.0.0)
- Monitor (Web): View real-time alerts and data
5. Stop Monitoring (StaRT Mobile):
- Press "Stop":
- Stop dataloggers recording
- Push stop event with GPS + timestamp
- Monitoring status:
InProgress→Ended - Artwork status:
Monitoring→Ready
6. Data Upload & Analysis (Web):
- Upload datalogger data to S3 (via USB)
- Monitoring status:
Ended→Uploaded - Artwork status:
Ready→Analysing - Analyze charts, add expert comments
- Update artwork passport (v1.0.0)
- Mark as Completed
- Artwork status:
Analysing→Ready
7. Create New Monitoring (Repeat from Step 2)
3. Viewer (Read-Only Users)
Who: Organization members invited to follow artworks and monitorings (e.g., stakeholders, partners, observers)
Responsibilities
- Follow organization's artworks and monitoring sessions
- View monitoring progress and status
- No modification or execution permissions
Read-Only Access
Viewers have organization-wide read-only access. They cannot:
- Modify any data
- Create or edit artworks
- Use StaRT mobile app
- Configure equipment
- Manage inventory
All active operations are performed by Administrators or Super-Admins.
What They Can Do
| Area | Permissions |
|---|---|
| Artworks | View all (organization-wide, read-only) |
| Monitorings | View all (read-only) |
| Collections | View all (read-only) |
| Alerts | View notifications (read-only) |
| Logs | View monitoring logs (read-only) |
| Inventory | ❌ No access |
Typical Workflow
1. View Artworks (Web):
- Browse organization's artworks
- View artwork details and status
- Review collection information
2. Monitor Progress (Web):
- View real-time monitoring status
- See current monitorings and progress
- View alerts and notifications (read-only)
3. Review History (Web):
- View completed monitorings
- Review monitoring logs
- See basic analytics (no modification)
Permission Matrix
Quick reference for what each role can do:
| Action | Super Admin | Administrator | Viewer |
|---|---|---|---|
| Scope | All organizations | Own organization | Own organization |
| Create organizations | ✅ | ❌ | ❌ |
| Invite users | ✅ (all orgs) | ✅ (own org) | ❌ |
| Create artworks | ✅ (all orgs) | ✅ (own org) | ❌ |
| Configure artworks | ✅ (all orgs) | ✅ (own org) | ❌ |
| Use StaRT mobile app | ✅ (most likely) | ✅ (same permissions) | ❌ |
| Setup monitoring | ✅ (all orgs, StaRT) | ✅ (own org, StaRT) | ❌ |
| Start/stop monitoring | ✅ (all orgs, StaRT) | ✅ (own org, StaRT) | ❌ |
| View artworks | ✅ (all orgs) | ✅ (own org) | ✅ (own org, read-only) |
| View monitorings | ✅ (all orgs) | ✅ (own org) | ✅ (own org, read-only) |
| Manage inventory | ✅ (all orgs) | ✅ (own org) | ❌ |
| Receive alerts | ✅ (all orgs) | ✅ (own org) | ✅ (own org, view only) |
| Analyze data | ✅ (all orgs) | ✅ (own org) | ❌ |
| Update artwork passport | ✅ (all orgs) | ✅ (own org) | ❌ |
Key Difference: Scope Only
Administrator and Super-Admin have identical permissions for artworks and monitorings. The only difference is:
- Administrator: Access to own organization only
- Super-Admin: Access to all organizations
Application Access
| Role | Web App | StaRT Mobile |
|---|---|---|
| Super Admin | ✅ Full access | ✅ On-site execution (most likely) |
| Administrator | ✅ Management + execution | ✅ On-site execution |
| Viewer | ✅ View only | ❌ |
Data Visibility
Each role sees only relevant data:
- Super Admin: All organizations and data
- Administrator: Only their organization's data (full access)
- Viewer: Only their organization's data (read-only, no inventory)
This ensures data privacy and security across organizations.