Each role is defined as a unique combination of name, description, and access permissions for different features of the platform.
Inside Role Management, you can:
- View the list of existing user roles and their details
- Create/Add roles
- Edit existing roles
- Delete roles
There are two types of access permissions within the Role Management feature:
- Read: this permission enables users to view data inside the platform features
- Write: this permission enables users to create, edit, and delete data inside the platform features.
There are three predefined roles in Role Management:
- Admin - all the permissions are enabled and users assigned this role have full access to all the features of the platform
- Power user - users assigned this role have Read permission for all the features of the platform and Write permission for all the features except for Device template, Role, and Semantic template
- Standard user - apart from having Read permission for User, Device template, Semantic, and Rule features, users assigned this role also have Write permission for Data visualisation and Device features
Note: These predefined roles cannot be edited or deleted, even if a user has Write permission for the Role feature.
The following list shows which actions are permitted for each feature, given the Read or Write permission:
- User - List all existing users (Read), invite/edit/enable/disable/delete users (Write)
- User group - List all user groups (Read), create/edit/delete user groups (Write)
- Role - List all existing roles, both predefined and user-defined (Read), create/edit/delete user-defined roles (Write)
- Device - View and monitor all existing devices shared with you (Read), create/edit/delete devices and edit access lists (Write)
- Device template - List all device templates shared with you (Read), create/edit/delete device templates and edit access lists (Write)
- Device group - List all device groups (Read), create/edit/delete device groups and edit access lists (Write)
- Semantic - List all semantic groups shared with you and their feeds/actuators/alarms, and download raw data (Read), create/duplicate/move/delete semantic groups and their feeds/actuators/alarms, manage access lists, and create/edit/delete calculated feeds (Write)
- Semantic template- List all semantic templates shared with you (Read), create/edit/delete semantic templates and edit access lists (Write)
- Rule - List all rules shared with you (Read), create/edit/delete rules, and edit access lists (Write)
- Data visualisation - View data from existing dashboards, widgets, reports, and messages shared with you (Read), create/edit/delete dashboards, widgets and reports, and edit access lists (Write)
You can create a number of custom roles by combining access rights and features, provided that you have Write access permission for Role.
To create a new role:
- Click the Add button inside Roles list
- Enter name and description for the role
- Set access permissions by selecting the Write and/or Read checkbox
- Click on Save
- Role name: Device Management Role
- Role description: This role allows you to manage everything device-related
- Access permissions: user has Read and Write permissions for Device and Device template, as well as Read permission for Device group.
Note: Write checkbox will be disabled if Read checkbox is not selected. This is because it is not possible to have Write access permission without Read permission. Also, once Write checkbox is selected, Read checkbox will become disabled, because Write access permission implies Read permission.
If you have Write access permission for Role, you will be able to change name and description for existing roles, as well as their access permissions.
To edit an existing role:
- Select an existing role
- Change role info and/or permissions
- Click on Update to save changes
To delete a role:
- Select the checkbox of the role you want to delete
- Click the Delete button
- A new dialog will appear asking you to confirm the action
- Click Delete
Note: It is not possible to delete a role which has been assigned to a user.