User and Rights Management

Access rights and permissions of users are defined by means of users, user groups and rights.

You can define who has access to the user interface/app, who has permission to program the system via Loxone Config and who has access to the building.

The user and rights management was redesigned with Loxone Config v11.0. Please update, to be able to use all the functions described below.

Table of contents

Creating users and assigning user groups
User properties and passwords
Manage permissions
Types of permission
Verifying permissions
Access
Access schedules

Basics:

With the user “admin” you log on to your Miniserver for the first time and perform the basic programming of the system.
The user “admin” is a member of the user group “Full Access”, and thus has all available rights.
Because of these extensive rights, creating a strong password is of high priority, and should always be the first step.
The “Full Access” user group replaces the “Administrators” group from previous versions.

The following information refers to the User Management in Loxone Config. The same principles apply to the User Management in the Loxone App.

Creating users and assigning user groups

First create the required users and user groups using the buttons in the menu bar, as shown in the following example:

The users can then be assigned to the respective user groups. To do this, simply drag and drop a user onto a user group.

To manage multiple users and user groups, proceed as follows:
Click on a user group, then click on “Manage members”
Then, by clicking on “Add…” in the next window, users can be added to the group by checking the checkbox:

In the above example the user “Oliver” is assigned to the group “Adults”. Alexander and Evelyn were already part of that group.
Finally, click on “Apply”.

Existing users can be removed from the group by clicking the “Delete” button or by unchecking the box.

Other user groups can also be added to a group via the “User groups” tab.
For example, the group “Employees” can be assigned to the group “Adults”. It will then have the same rights as the parent group.

User properties and passwords

User-specific settings are available in the user properties:

First create a secure password for each user.

Permissions allows you to manage and get an overview of the permissions of a particular user.

With the Status setting, a user can be enabled or disabled either for a specific period of time (date, time) or permanently.

Authentication configures a user’s access via NFC tags, access codes, or iButtons.

With the User Interface password, specific functions in the user interface/app can be protected with an additional password.

Permission Management

A click on “Manage permissions” opens the Permission Management window.
Here you can assign rights to users or entire user groups. Access to rooms or specific objects in the user interface can also be defined as a right:

In the above example we give the user group “Children” the rights to use the objects of the room “Child’s Room”.

In addition, we assign the general right “Web Interface/Apps” from the “Rights” tab:

This basic right is necessary for all users who are to be granted access to the web interface or app. Without this right no login to the interface is possible!

Finally, click “Apply” and save the program to the Miniserver.

Afterwards, children, for example, can log in to the app and get access to the controls in the children’s room, such as lighting, shading, etc.
Other functions are not displayed and can only be operated if access to them is granted.
This also makes the interface easier to navigate for users, as only relevant objects are displayed in the app.

In a company, the rights for certain groups of employees or departments can be organized in the same way.
For example, you can create user groups such as “Management”, “Accounting”, “Employees”, “Cleaning Staff” and assign the appropriate permissions.

Types of permissions

Various types of permissions are available:

The tab “Rights” contains general rights to manage the system, or to customize and access the web interface/app

Example: A user or group receives the right to access the web interface/app, and the right to change their own password

In “Rooms“, web interface/app access to objects of a specific room can be set.

Example: A user or a group gets access to all objects that are assigned to the room Living Room

In the “Blocks” tab, the access to certain blocks in the web interface/app can be defined.

Example: A user or group should only have access to very specific functions, e.g. outdoor lighting control

You can also assign permissions for users or groups from the block’s settings.

Verifying permissions

With the following function you can get an overview of what rights a user or user group has and and why this is so.
Click on a user or group, then on “Show all permissions”

In this example we first look at the basic rights of the user Oliver:

He has access to the interface (Web Interface/App), may change his own password, and can create automated tasks with the objects in the interface.
He has acquired these rights from the “Adults” user group, of which he is a member.

In the tab “Rooms” we can see the rooms Oliver is permitted to use:

Here too, the permissions are acquired from the “Adults” user group.

In the tab “Blocks” we can see which function blocks or objects Oliver is allowed to view and operate:

Since he is a member of the “Adults” user group, he acquired it’s permission for the bedroom and also has access to the lighting control in the bedroom, .
In addition, the user has access to the blind control in the child’s room, because the permission for this block was assigned directly to him.

The last column “Path” shows the permission paths. You can identify where the right for an object originates. The abbreviations in the paths indicate:
U: User
UG: User Group
R: Room

Access

In the User Properties under Authentication, access to the building can be set up via NFC tags, access codes, or iButtons.
These have to be created or paired in advance.

Access schedules

Access can be granted to users or user groups on a time limited basis.
To do this, click on a user or user group, open Permission Management and click on “Create new access schedule”:

The schedule allows you to set access times for the selected users or user groups.

Now the user will only have access within the selected times.

The created access times will then be listed in the Periphery tree under Schedules and can also be edited there: