Skip to main content

Why Access Groups Matter in RCOM Gateway

In a platform as powerful and modular as RCOM Gateway, access control isn’t just about restricting who can log in; it’s about defining what each user can see, where they can act, and how data flows securely across tenants, sites, and departments.
That’s where Access Groups come in.

Understanding Access Groups

In RCOM Gateway, Access Groups act as logical containers that define which parts of the system a user can interact with. They determine visibility and data scope across the platform’s various layers, from Custom UIs and Custom Maps to Object Groups, and More.

Think of them as virtual boundaries that mirror your organization’s real-world structure:

  • A logistics company might have Access Groups for Warehouse A, Warehouse B, and Cold Storage.
  • A hospital might define Access Groups for ICU, Pharmacy, and Diagnostics.
  • A manufacturer could use Plant 1, Quality Lab, and Dispatch.

Every data point, dashboard, and automation workflow inside Gateway can be scoped within these groups, ensuring that users only interact with the data that’s relevant to their role and location.

Why Access Groups Are Central to Security and Governance

1. They enforce data segmentation

Access Groups prevent users in one operational domain from viewing or modifying data in another.
For example, a “Cold Storage” operator can’t accidentally alter data linked to “Outbound Logistics.” Each group maintains its own variable context and UI visibility, guaranteeing clean separation of responsibilities.

2. They simplify user management

Instead of creating one-off permissions for each user, admins simply map a user to the relevant group(s).
The user instantly inherits all the data scopes, dashboards, and variables that belong to that group — dramatically reducing configuration time and error risk.

3. They enable contextual automation

Each Access Group can hold scoped variables, key-value pairs that workflows and UIs can consume dynamically.
For example:

Access Group: Warehouse A  
Variable: `PRIMARY_ZONE = Dock-1`

A workflow running under “Warehouse A” can automatically apply Dock-1 logic without additional filters or hard-coded values.

4. They strengthen multi-tenant security

In multi-client or multi-department setups, Access Groups provide isolation by design.
Tenants can share the same Gateway instance but see entirely different dashboards, object data, UIs, and more with no risk of cross-visibility or accidental modification.

5. They power Custom UI and Map permissions

Every Custom UI and Custom Map is created under an Access Group.
That means dashboards, floor maps, and vendor portals inherit visibility directly from group assignments — so you can safely design interfaces for external partners or field operators without exposing the core system.

Why Mapping Users and Modules Matters

Properly linking your users and modules to Access Groups is not optional — it’s the foundation of how RCOM Gateway enforces role-based visibility, data integrity, and operational security.

When users are correctly mapped:

  • Workflows execute within the right context, using group variables and permissions.
  • Custom UIs display only relevant data for that group.
  • Object Groups show scoped records instead of global datasets.
  • Logs, events, and dashboards remain cleanly separated by operational area.

If a user isn’t mapped correctly, they might:

  • See empty dashboards (no data context)
  • Lack permissions to trigger workflows
  • Accidentally push updates into unrelated zones
  • Breach tenant boundaries in shared environments

Best Practices for Access Group Design

  • Reflect your organization’s real structure — base groups on plants, departments, or sites.
  • Limit parent-child depth — too many nested groups make visibility harder to manage.
  • Use meaningful names — e.g., Warehouse_A_ColdZone instead of Group_01.
  • Define scoped variables early — store constants like ZONE_ID, API_URL, or ALERT_THRESHOLD in each group.
  • Review mappings regularly — as users move roles, their access group assignments should follow suit.

In Summary

Access Groups are the control layer that makes RCOM Gateway scalable, secure, and truly multi-tenant.
They aren’t just about permissions — they define the operational context for every workflow, UI, and automation inside your system.

When users and modules are correctly mapped to Access Groups, the Gateway transforms from a tool into a context-aware automation ecosystem — where every action happens exactly where it should.