Security Model

The AEMO Australian Energy Market Operator security model enables Participant Administrators (PAs) providing access to their Participant Members to manage access to AEMO's energy market systems web portal for their registered participants. The AEMO security model has user components with assigned rights. These rights determine access privileges to different areas of the web portal. The following sections describe the components to manage these access privileges.

Users

A user is someone who uses a system and its services. This can be the web portal (interactive) or by the Batch Handlers Allows communications between AEMO's systems and participant systems. When communications are processed using the Batch Handlers, they undergo the same validity checks as if they were processed using the web portal. (batch). Each user must have a participant ID and assigned rights to use the system. These rights determine what interfaces and menus the user can access and what actions they can perform.

AEMO system administrators

AEMO System Administrators must create the initial participant IDs and assign the correct PA Participant Administrator. Super-users who manage and perform system administration tasks for their own organisation’s participant users. rights for each organisation. After the PA has their login details with the correct rights, they can create the remaining users as required.

Participant administrators

As super users, PAs can manage and perform the following system administration tasks:

AEMO System Administrators can view all rights created in the system. This includes rights created by other administrators.

Create new users
Create new rights with access no higher than they have themselves
Create new PAs and give them rights with access no higher than they have themselves

Participant users

A participant user is generally provided ordinary rights. They can belong to AEMO or to participant organisations.

Business groups

A Business Group A group of participant companies (each with their own Participant IDs) that are part of a single commercial enterprise. is a group of participant companies each with single participant IDs that are part of a single entity. Setting up a Business As defined in the NERL. Group allows PAs to have visibility of all users in the group without explicitly allowing visibility for each individual participant user. Business groups are often set up to use the Set Participant Where a Participant User has user rights assigned by more than one participant ID, the Participant User can select the participant ID they want to represent using the Set Participant option in the web portals. function so participant users can do work for the multiple participants companies in the Business Group without having to log out and back in again with a different user ID, for more details, see Set Up Single User IDs on page 1.