--- title: "Administration and Governance" slug: "administration-and-governance" updated: 2025-05-09T22:16:02Z published: 2025-05-09T22:16:02Z --- > ## Documentation Index > Fetch the complete documentation index at: https://support.tulip.co/llms.txt > Use this file to discover all available pages before exploring further. # Administration and Governance **Account Owners** in Tulip manage controls and settings within a Tulip Instance and/or Workspace. The areas account owners can be responsible for include: - [Set Up Your Tulip Instance](/r230/docs/intro-set-up-your-tulip-instance) - [User Management](/r230/docs/intro-user-management) - [App Management](/r230/docs/intro-app-management) - [Shop Floor Management](/r230/docs/intro-shop-floor-management) - [Workspace Management](/r230/docs/intro-workspace-management) (Enterprise and above) In addition to the information in this article, account owners in regulated industries also need to be aware of GxP best practices and protocols for governing and validating apps. GxP administration and governance involves: - App lifecycle management and validation - Maintaining digital history records ## Who should be an Account Owner? How you decide to delegate Tulip responsibilities is up to you, but we’ll share a few scenarios we’ve seen: In instances of small organizations with one Tulip champion, there may be only one main account owner who is responsible for everything mentioned above, excluding workspace settings. In larger organizations, responsibilities may be divided as such: - A **central team** manages initial setup of the Tulip Instance, including: standardizing brand colors and color palettes, user roles, app templates, and training site leads - **Site Leads** at each site are responsible for workspace and Shop Floor management - **Citizen Developers** manage apps and app solutions relevant to their productions - **IT** works with operations to ensure the shop floor is properly set up and manages Interfaces (display devices), Edge Devices, Machines, Vision, and Connector setup - A **Data Lead** standardizes a [Common Data Model](/r230/docs/using-a-common-data-model) and manages Tulip Tables ## The Need for a Control Program Without a control program, it becomes difficult to track who is responsible for specific changes or developments within the platform. When roles and responsibilities are not set, solution development can slow or stall indefinitely. Unauthorized users or untrained users may make changes that go live immediately without understanding the potential consequences. This can lead to data corruption or errors, such as deletion of table records, running the wrong version of an app, or testing an app incorrectly and logging false data. Untrained users might also break apps or make significant changes to apps without saving snapshots of previous versions. **It’s important to determine who is responsible for each area of the platform.** User roles designate permissions to each user throughout the platform. In your account settings, you will find the [default roles Tulip provides and the access level associated with each](/r230/docs/add-users-and-managing-user-roles). Each role is documented within the platform. Custom User Roles If your company is on the "Enterprise" plan or above, you can use "[Custom User Roles](/r230/docs/customize-user-roles)" to create custom permission sets from 70+ possible permissions in the platform. You can also [set permissions for individual apps](/r230/docs/change-editing-permissions-on-individual-apps), apart from user roles. Finally, as your organization grows, the lack of a control program can hinder your ability to scale and grow. Without standardized procedures and controlled access, it can become too difficult to manage an increasing number of users, apps, and data sources. Governance may not seem important if you only have one app builder or one or two apps, but when you expand from an app to a solution and your instance starts filling with dozens to hundreds of tables, apps, app folders, connectors, etc. you’ll need a standardized and documented process for managing and maintaining everything in your platform. ## Design Your Own Control Program Designing a control program involves setting up a workflow that manages Permissions, monitors app development, and standardizes app lifecycle management. The end-to-end workflow for account owners in general manufacturing looks like: - **Setup initial account settings** and appearance such as the color palette, date and time, etc. - **Define user roles and permissions**. Each role should have tailored access to their responsibilities to prevent unauthorized actions. - **Track user training** either with an internal training program or with Tulip University certificates. - **Learn which areas of the platform are version controlled** (e.g. changes made to the development version of an app do not go live until published, whereas changes made to Tulip tables go live immediately). - **Implement a rigorous app development and publishing process** by standardizing the use of snapshots, documentation, and changelogs. You might require an app to undergo usability testing with operators or review by a solution lead before publication. - **Use the Recent Activity feature** to monitor changes and user activities. - **Publish apps into production** on the shop floor. Assign apps to Stations on the shop floor and purchase/set up interfaces (display devices) for the apps to run on. By integrating all these elements, account owners can build a comprehensive control program to ensure the right people have the appropriate access, apps are thoroughly vetted before going live, and all users are trained to effectively use the Tulip platform. ## Account Owner/Governance Controls Checklist Use the checklist below to ensure you have set up and accounted for all governance features relevant to your organization. For detailed information on each area, refer to: - [Set Up Your Tulip Instance](/r230/docs/intro-sete-up-your-tulip-instance) - [User Management](/r230/docs/intro-user-management) - [App Management](/r230/docs/intro-app-management) - [Shop Floor Management](/r230/docs/intro-shop-floor-management) - [Workspace Management](/r230/docs/intro-workspace-management) (Enterprise and above) --- - Set up Your Tulip Instance - Customize Account Settings - Account - API Tokens - App Exchange - Color Palette - Custom Widgets - Date and time - Edge devices - Frontline Copilot® - Network Access - Player - Users - Workspaces (Enterprise) - Maintain Your Tulip Instance - Monitor Account Usage for overages/opportunities for better resource allocation - Monitor Recent Activity to ensure changes are made by verified users - Import/Export Activity Data - User Management - Add new users - View user permissions and select role for new user based on access level needed (e.g. application builder needs access to the app editor, while an operator only needs viewing access) - Edit user details, such as phone number, email, and Badge ID - Create custom user roles (Enterprise) - App Management - App Organization - Create app folders - Move apps between folders - App Access - Set app roles and restrictions - Set approvals - App Version Control/Lifecycle Management - Manage development versions and snapshots - Define publication standards/process - Develop an iterative, continuous improvement process that is built on user research and feedback - Shop Floor Management - Setup and manage stations - Create interfaces - Assign interfaces to stations - Assign edge devices to stations - Setup and Manage Machines - Create machine - Create machine types - Create machine data sources - Setup and Manage Edge Devices - Purchase edge devices - Register edge devices - Setup edge device connection - Setup and Manage Vision - Create camera configuration - Create detectors - Create IP cameras - Create models - Workspace Management - Customize Workspace Settings - API Tokens - Approval types - Date and time - Device uptime - Schedules and shifts - Users - Workspaces ## Next steps Learn about account governance with guidance from Tulip experts: - [Account admin journey](https://university.tulip.co/path/admin-journey) - [Governance](/r230/docs/governance) --- Did you find what you were looking for? You can head over to [community.tulip.co](https://community.tulip.co) to post your question or see if others have faced a similar question! **Tulip Instance** A Tulip customer account. Your instance can be found at https://[your-instance].tulip.co When *your instance*is referenced, we are just talking about your Tulip account on an organization-level, not user-level. **Workspace** **Workspaces**are a model within Tulip to separate Tulip assets to match the places where work is being done. A workspace should represent a single facility, line, or department. With workspaces, users across facilities can easily collaborate, share their solutions, and improve their global operations. **GxP** **Good *X* Practice**. An abbreviation collecting many of the core principles of Life Sciences compliance. *ex-* - *GMP - Good Manufacturing Practice* - *GLP - Good Laboratory Practice* - *GDP - Good Distribution Practice* **Shop Floor** The area of the platform responsible for moving applications into production. Under the shop floor, you can manage **Stations**, **Edge Devices,**and the app publication details such as which **Version** is accessible to users, which **Devices**are connected to the app, and which **Interface (display device)******the app is run on. **Interface (Display Device)** Users interact with Tulip applications through physical devices like touchscreens, PC monitors, mobile devices, and LCD screens. We refer to these as **interfac****es.**Interfaces must be assigned to a **station** in order to run applications. **Edge Device** **Edge Devices** are any hardware intended to connect physical things to the cloud. This can include entirely mechanical devices, older machines without network functionality, PLCs, and more. Tulip sells the **Edge IO** and **Edge MC** that interface directly into **Triggers** in a breeze, but Tulip can also support other Edge Devices. **Machine** A **Machine**is a digital representation of a physical datasource. Machines have **Attributes**that are updated through an OPC-UA Connector or the Tulip API. **Tulip Vision** **Vision**is a simple no-code tool to use cameras for visual inspection, process adherence, equipment, personnel, and material tracking on the shop floor. **Connectors** **Connectors** enable real-time connectivity between your Tulip solution and a transactional system (e.g. an ERP). The output of a Connector Function can be used in Tulip Apps, Automations, and Functions. - **HTTP Connectors** utilize HTTP API endpoints. - **SQL Connectors** can enable connectivity with certain SQL databases. - **MQTT Connectors** can connect to MQTT brokers for machine monitoring. ![](https://cdn.document360.io/7c6ff534-cad3-4fc8-9583-912c4016362f/Images/Documentation/connector.gif) **Tulip Tables** **Tulip Tables** are a global location to store your production data. **Tables** are made up of **Records** (rows). A single can be accessed from multiple apps or stations at the same time. ![](https://cdn.document360.io/7c6ff534-cad3-4fc8-9583-912c4016362f/Images/Documentation/Tulip%20Tables%20Overview%20-%20Feature%20Overview(1).gif) **Permissions** Settings for controlling which users have access to specific applications. Use permissions to ensure that only approved users are able to access published applications in production settings. **Tulip University** **Tulip University**is a free resource to guide Tulip users through learning the Tulip. 30+ courses cover everything from the basics to **Connector Functions**and **Edge Devices.** Enroll in your first course at [university.tulip.co](//university.tulip.co). **Station** **Stations**are a digital representation of a physical place or device in your facility. Stations are 1:1 with **Interfaces (display devices)** running Tulip Player, but Stations can also be assigned **Edge Devices,**Tulip Vision Camera Configurations, Machines,****and more.