Roles (Licensed)
Roles allow you to define and assign specific sets of permissions and privileges within an organisation, enabling precise control over access to resources and functionalities. By creating custom roles, organisations can manage access levels for different groups, services, and system functions based on their specific operational needs.
A sufficient Cambrionix Connect License is required to use this feature. Currently, the license is not available, but it will be coming soon. If you are interested in using this feature once the license becomes available, please contact enquiries@cambrionix.com.
Custom roles provide several key benefits:
- Security: Assigning permissions based on roles ensures that only authorised individuals or services can access specific resources, reducing the risk of unauthorised access, data breaches, or accidental misuse.
- Control: Defining roles allows organisations to enforce separation of duties, ensuring that each entity can perform only the actions permitted within its assigned role, minimising errors and maintaining compliance.
- Scalability: As organisations grow and evolve, custom roles make it easier to manage permissions, allowing for seamless adjustments to accommodate new structures and operational changes without compromising security or functionality.
Roles
Within your organisation, each group or service can have multiple assigned roles, allowing for flexible and structured access management. By default, the following roles are available for assignment:
Role | Description |
---|---|
Member | Can read everything and view all information, but cannot make any changes. |
Contributor | Can perform all actions except manage/invite users to the organisation. |
Owner | Can perform all actions in the organisation. |
Creating custom roles
You can create custom roles for your organisation by navigating to "Manage Roles" and selecting the "Create Role" button.
Note: This option will only be available in Cambrionix Connect with the appropriate license.
Basics
When you first create a new role, you will need to enter some basic information: the name of the role and a short (optional) description that helps identify the role and its permissions.
Permissions
The permissions that can be assigned are listed below.
Permission Group | Permissions | Description |
---|---|---|
Hub API: Permissions related to the Hub API Service | API.Read | Grants the ability to read data from the Hub API service |
Hub API | API.Write | Grants the ability to perform actions via the Hub API service |
Hub API | API.Admin | Grants the ability to perform administrative actions via the Hub API service |
Hub API | API.DFU | Grants the ability to perform DFU actions via the Hub API Service |
Device API: Permissions related to the Device API Service | DeviceAPI.Devices.Reboot | Grants the ability to reboot a device using the Device API |
Device API | DeviceAPI.Devices.PowerOff | Grants the ability to power off a device using the Device API |
Device API | DeviceAPI.Devices.Read | Grants the ability to read device information using the Device API |
Device API | DeviceAPI.Devices.RecoveryMode | Grants the ability to put a device into (and out of) recovery mode using the Device API |
Device API | DeviceAPI.Devices.Erase | Grants the ability to erase a device using the Device API |
Device API | DeviceAPI.Firmware.Download | Grants the ability to download firmware using the Device API |
Device API | DeviceAPI.Firmware.Write | Grants the ability to perform firmware actions using the Device API |
Device API | DeviceAPI.Devices.Backup.Write | Grants the ability to write device backups using the Device API |
Device API | DeviceAPI.Devices.Backup.Delete | Grants the ability to delete device backups using the Device API |
Device API | DeviceAPI.Devices.Backup.Read | Grants the ability to read device backups using the Device API |
Device API | DeviceAPI.Certificates.Read | Grants the ability to read certificates using the Device API |
Device API | DeviceAPI.Certificates.Delete | Grants the ability to delete certificates using the Device API |
Device API | DeviceAPI.Certificates.Write | Grants the ability to perform certificate actions using the Device API |
Device API | DeviceAPI.Auth.Read | Grants the ability to read authentication information using the Device API |
Device API | DeviceAPI.Auth.Write | Grants the ability to perform authentication information actions using the Device API |
Device API | DeviceAPI.Auth.Delete | Grants the ability to delete authentication information using the Device API |
Device API | DeviceAPI.Details.Read | Grants the ability to read API details using the Device API |
Organisation Information: Permissions related to viewing the organisation | Organization.Read | Grants the ability to read information about the organisation |
Organisation Information | Organization.Write | Grants the ability to perform organisation actions |
Organisation Information | Organization.License.Read | Grants the ability to read organisation licenses |
Organisation Services: Permissions related to organisation services | Organization.Service.Read | Grants the ability to read organisation services |
Organisation Services | Organization.Service.Write | Grants the ability to create and update organisation services |
Organisation Services | Organization.Service.Delete | Grants the ability to delete an organisation service |
Organisation Services | Organization.Service.Secret.Read | Grants the ability to read organisation service secrets |
Organisation Services | Organization.Service.Secret.Write | Grants the ability to change an organisation service secret |
Organisation Computers: Permissions related to organisation computers | Organization.Computer.Read | Grants the ability to read information about the organisation computers |
Organisation Computers | Organization.Computer.Write | Grants the ability to add / edit computers within an organisation |
Organisation Computers | Organization.Computer.Delete | Grants the ability to delete a computer from an organisation |
Organisation Devices: Permissions related to organisation devices | Organization.Device.Read | Grants the ability to read information about the organisation devices |
Organisation Devices | Organization.Device.Write | Grants the ability to add / edit devices within an organisation |
Organisation Devices | Organization.Device.Delete | Grants the ability to delete a device from an organisation |
Organisation Hubs: Permissions related to organisation hubs | Organization.Hub.Read | Grants the ability to read information about the hubs in an organisation |
Organisation Hubs | Organization.Hub.Write | Grants the ability to perform hub actions within an organisation |
Organisation Hubs | Organization.Hub.Delete | Grants the ability to delete hubs from an organisation |
Organisation Audit Log: Permissions related to organisation audit log | Organization.AuditLog.Read | Grants the ability to view the audit log |
Organisation communications settings: Permissions related to managing communications settings | Organization.Communications.Settings.Read | Grants the ability to view the communications settings |
Organisation communications settings | Organization.Communications.Settings.Write | Grants the ability to change communications settings |
Organisation Users: Permissions related to organisation users | User.Read | Grants the ability to read organisation users |
Organisation Users | User.Write | Grants the ability to update organisation users |
Organisation Users | User.Delete | Grants the ability to remove organisation users |
Organisation Role Assignment: Permissions related to organisation role assignments | Organization.Role.Write | Grants the ability to assign or remove a role from a user |
Organisation Role Assignment | Organization.Role.Read | Grants the ability to view a role from a user |
Organisation Invitations: Permissions related to organisation user invites | Invite.Write | Grants the ability to invite users to the organisation |
Organisation Invitations | Invite.Read | Grants the ability to read organisation user invites |
Organisation Invitations | Invite.Delete | Grants the ability to delete user invitations |
Organisation Device Assignment: Permissions related to device assignment to users | Organization.Device.User.Write | Grants the ability to assign users to a device |
Organisation Device Assignment | Organization.Device.User.Read | Grants the ability to read device assignment to users |
Organisation Device Assignment | Organization.Device.User.Delete | Grants the ability to unassign devices from users |
Organisation Custom Roles: Permissions related to organisation custom roles | CustomRole.Write | Grants the ability to create/update/delete organisation custom roles |
Organisation Custom Roles | CustomRole.Read | Grants the ability to read organisation custom roles |
Organisation Custom Roles | CustomRole.Delete | Grants the ability to delete organisation custom roles |
Workflows: Permissions related to organisation workflows | Workflow.Read | Grants the ability to read organisation workflows |
Workflows | Workflow.Write | Grants the ability to create and update organisation workflows |
Workflows | Workflow.Delete | Grants the ability to delete an organisation workflow |
Workflows | Workflow.Publish | Grants the ability to publish an organisation workflow |
Workflows | Workflow.Unpublish | Grants the ability to unpublish an organisation workflow |
Workflows | Workflow.Deploy | Grants the ability to publish an organisation workflow |
Workflows | Workflow.Service.Read | Grants the ability to read connections between a workflow and its associated services |
Workflows | Workflow.Service.Write | Grants the ability to associate a service with a workflow |
Workflows | Workflow.Service.Delete | Grants the ability to disassociate a service from a workflow |
Workflows | Workflow.Execution.Write | Grants the ability to create a new workflow execution |
Workflows | Workflow.Execution.Read | Grants the ability to view organisation workflow executions |
Workflows | Workflow.Execution.Delete | Grants the ability to delete workflow executions |
Locations: Permissions related to organisation locations | Organization.Locations.Read | Grants the ability to view organisation locations |
Locations | Organization.Locations.Write | Grants the ability to create / edit organisation locations |
Locations | Organization.Locations.Delete | Grants the ability to delete organisation locations |
Review
Once you have completed the basic information and selected the required permissions, you will have the opportunity to review the information before creating the role.
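A review aid for this step, as an added example that is not part of the Cambrionix documentation or product: it compares the permissions a draft role grants with the ones the job needs and groups the surplus by risk. The risk tiers and the sample role are assumptions of this example; the permission names are taken from the table above.

```python
# Added example: review a draft custom role before creating it.
# The risk tiers below are this example's own policy, not Cambrionix's.

# Reads that expose secrets or credential material (names from the table above).
SENSITIVE_READS = {
    "Organization.Service.Secret.Read",
    "DeviceAPI.Auth.Read",
    "DeviceAPI.Certificates.Read",
    "DeviceAPI.Devices.Backup.Read",
}
# Permissions that change who holds which access.
ACCESS_ADMIN = {
    "Organization.Role.Write", "CustomRole.Write", "CustomRole.Delete",
    "User.Write", "User.Delete", "Invite.Write",
    "Organization.Service.Secret.Write",
}
# Final name segments that destroy data or alter device state.
DESTRUCTIVE_VERBS = {"Delete", "Erase", "DFU", "Reboot", "PowerOff", "RecoveryMode"}


def classify(permission: str) -> str:
    """Return the review tier for one permission name."""
    verb = permission.rsplit(".", 1)[-1]
    if permission in ACCESS_ADMIN:
        return "access-admin"
    if permission in SENSITIVE_READS:
        return "sensitive-read"
    if verb in DESTRUCTIVE_VERBS or permission == "DeviceAPI.Firmware.Write":
        return "destructive"
    if verb == "Read":
        return "read"
    return "change"  # Write, Admin, Publish, Deploy, Download, ...


def review_role(granted: set[str], needed: set[str]) -> dict[str, list[str]]:
    """Group permissions the role grants beyond what the job needs, by tier."""
    findings: dict[str, list[str]] = {}
    for perm in sorted(granted - needed):
        tier = classify(perm)
        if tier != "read":  # surplus plain reads are the lowest priority
            findings.setdefault(tier, []).append(perm)
    return findings


# Constructed sample: a "device technician" role drafted too broadly.
needed = {"DeviceAPI.Devices.Read", "DeviceAPI.Devices.Reboot", "Organization.Hub.Read"}
granted = needed | {"DeviceAPI.Devices.Erase", "Organization.Service.Secret.Read",
                    "Organization.Role.Write", "Workflow.Read", "API.Write"}
if __name__ == "__main__":
    for tier, perms in review_role(granted, needed).items():
        print(f"{tier}: {', '.join(perms)}")
```

A name ending in `.Read` is not automatically low risk: the secret, authentication, certificate and backup reads are tiered separately for that reason.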