# Multitenancy Terminology

Corresponding articles and other documentation provided by your CST representative may use the following terms in the context of a multitenant Ability™ platform:

# Ability Instance

An instance of the Ability Platform, comprising the required Azure services and Ability components, that is deployed, managed and operated as a single unit.

# Ability Region

A geographical region of the installation(s) (e.g., Europe, US, Asia Pacific). Regions can be defined by geographic or legal boundaries. They are determined by factors such as latency of information transmission, data jurisdiction requirements, and service availability.

# Identity Provider

As quoted in Wikipedia: "An identity provider (abbreviated IdP) is a system entity that creates, maintains, and manages identity information for principals while providing authentication services to relying applications within a federation or distributed network. Identity providers offer user authentication as a service."

The Ability Platform supports the following two types of identity providers:

  • OpenID Connect (OIDC) based identity providers. This includes Azure Active Directory and various social identity providers like Google and Yahoo.
  • Certificate authority for the connected devices that use client certificates for authentication.

# Connectivity Provider

Provides connectivity to devices and applications that are connected to the ABB Ability™ Platform. Currently, the only connectivity provider supported is Azure IoT Hub for connected devices.

# Tenant

An organization or entity that signs up for an Ability solution. A tenant could be a customer, specific location, or subset of either entity.

# Solution

A collection of applications delivered on top of the Ability Platform by an ABB business entity (unit/division) that provides a value-added service to the end customers.

NOTE

There is a non-hierarchical relationship between tenants and solutions. A tenant may possess many solutions, and a solution may be accessed by many tenants.

# Application

A software component built by businesses consuming the ABB Ability™ Platform APIs to access the data. Note that there can be one or more applications in a solution offered by an ABB business.

Applications can be categorized as follows:

  • Background application.
  • Web application with a server component.
  • Single page application (SPA) running in a client browser or mobile device.
  • Mobile or native application.

NOTE

There is a hierarchical relationship between applications and solutions. All applications are children of a solution.

# Principal

A generalized term applicable to users, applications, and devices.

# Contract

An agreement between a solution and a specific end customer (tenant) which allows a tenant to start using the solution in the platform.

# Permission

An action or verb that applies to a specific functionality. Permissions are always associated with a resource. Examples include 'variable_read', 'object_model_write', and 'type_definition_read'.

# Role

A named collection of permissions. These are customizable and could represent predefined jobs within your solution (e.g., administrator, operator, observer).

# Grant

A combination of a role and (optionally) rules with conditions. Grants can be assigned to multiple principals. A grant can only be removed if no principals reference it.

# Principal Manager

An API service that allows users to manage all of the above entities (solutions, roles, grants, etc.). It can be used directly as an HTTP API or through the Admin Portal. It is sometimes also referred to as the Region API.

Last updated: 1/10/2022, 11:05:26 AM