User Permissions

User types and API Keys are associated with a set of permissions, each one enabling a feature or read/write capability on a specific object.

The following is a list of permits grouped according to the topic they are intended for.

Customer

Customer account administrator

Allows the user to manage the customer account.

This permission can be assigned only to CUSTOMER user types.

API Name: CUSTOMER_ACCOUNT_ADMINISTRATOR

Delete customer

Allows the user to delete customers.

API Name: DELETE_CUSTOMER

Import customers

Allows administrative users to import customer data in a bulk way.

This permission can be assigned only to ORGANIZATION and PARTNER user types.

API Name: IMPORT_CUSTOMERS

Read all customers

Allows the user to read all customers registered within the tenant.

API Name: READ_ALL_CUSTOMERS

Read customer

Allows the user to read the customers' information.

API Name: READ_CUSTOMER

Write customer

Allows the user to create and manage customers (ORGANIZATION, PARTNER), write customer's information (CUSTOMER).

API Name: WRITE_CUSTOMER

Location

Delete location

Allows the user to delete locations.

API Name: DELETE_LOCATION

Import locations

Allows administrative users to import locations data in a bulk way.

API Name: IMPORT_LOCATIONS

Read location

Allows the user to read the location's information.

API Name: READ_LOCATION

Write location

Allows the user to create and manage (ORGANIZATION, PARTNER), write location's information (CUSTOMER).

API Name: WRITE_LOCATION

Thing

Delete metric value

Allows the user to delete a metric value.

API Name: DELETE_METRIC_VALUE

Delete thing

Allows the user to delete things.

API Name: DELETE_THING

Export Thing Data

Allows the user to execute a bulk data export for the visible things.

API Name: EXPORT_DATA

Read all things

Allows the user to read all things of the tenant.

API Name: READ_ALL_THINGS

Read certificate

Allows the administrator to read the thing certificates.

This permission can be assigned only to ORGANIZATION and PARTNER user types.

API Name: READ_CERTIFICATE

Read cloud status

Allows the service manager to read the thing cloud status.

API Name: READ_CLOUD_STATUS

Read historical data

Allows the user to read the historical data.

This permission cannot be assigned to Back-office user types.

API Name: READ_HISTORICAL_DATA

Read rule

Allows the user to read the thing's defined rules.

API Name: READ_RULE

The availability of this permission depends on the subscription bundle.

Required modules: Value-added Digital Services

Read thing

Allows the user to read the things' information.

API Name: READ_THING

Read user authorization

Allows the user to read the user authorizations on customer's Things.

This permission can be assigned only to CUSTOMER user types.

API Name: READ_USER_AUTHORIZATION

Register thing

Allows the user to register new things without an owner.

API Name: REGISTER_THING

Reset user authorization

Allows the user to reset the user to thing authorizations.

This permission can be assigned only to CUSTOMER user types.

API Name: RESET_USER_AUTHORIZATION

Write SIM

Allows the user to verify and change the status of the SIM installed within the product.

This permission can be assigned only to ORGANIZATION user types.

API Name: WRITE_SIM

Write certificate

Allows the administrator the management of the thing certificates.

This permission can be assigned only to ORGANIZATION and PARTNER user types.

API Name: WRITE_CERTIFICATE

Write cloud status

Allows the service manager to change the thing cloud status.

This permission can be assigned only to ORGANIZATION user types.

API Name: WRITE_CLOUD_STATUS

Write metric value

Allows the user to set a metric value.

API Name: WRITE_METRIC_VALUE

Write rule

Allows the user to write, manage and delete thing's defined rules.

API Name: WRITE_RULE

The availability of this permission depends on the subscription bundle.

Required modules: Value-added Digital Services

Write thing

Allows the user to create and manage things.

API Name: WRITE_THING

Write thing activation

Allows the user to activate a new thing.

API Name: WRITE_THING_ACTIVATION

Write thing option

Allows the user to set Thing's options.

API Name: WRITE_THING_OPTION

Write user authorization

Allows the user to read the user authorizations on customer's Things.

This permission can be assigned only to CUSTOMER user types.

API Name: WRITE_USER_AUTHORIZATION

Write work session

Allows the user to manually create a work session.

API Name: WRITE_WORK_SESSION

The availability of this permission depends on the subscription bundle.

Required modules: Value-added Digital Services

Thing Remote Control

Execute bulk update

Allows the user to perform a bulk update.

API Name: EXECUTE_BULK_UPDATE

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales, Value-added Digital Services

Execute thing command

Allows the user to execute commands on the connected things.

API Name: EXECUTE_THING_COMMAND

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales

Read task

Allows the user to read the task's information.

API Name: READ_TASK

The availability of this permission depends on the subscription bundle.

Required modules: Value-added Digital Services

Set thing parameter

Allows the user to set configuration parameters to the connected things.

API Name: SET_THING_PARAMETER

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales

Update firmware

Allows the technichian to trigger firmware upates.

API Name: UPDATE_FIRMWARE

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales

Write recipe

Allows the user the edit recipes.

API Name: WRITE_RECIPE

The availability of this permission depends on the subscription bundle.

Required modules: Value-added Digital Services

Write task

Allows the user to create, manage and delete tasks.

API Name: WRITE_TASK

The availability of this permission depends on the subscription bundle.

Required modules: Value-added Digital Services

Thing Connection

Read connection mapping

Allows the user to read connection mappings.

API Name: READ_CONNECTION_MAPPING

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales

Read thing connection tokens

Allows the user to read the registered connection tokens.

API Name: READ_THING_CONNECTION_TOKENS

Write connection mapping

Allows the user to configure connection mappings.

API Name: WRITE_CONNECTION_MAPPING

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales

Write thing connection tokens

Allows the user to register new connection tokens.

This permission can be assigned only to ORGANIZATION and PARTNER user types.

API Name: WRITE_THING_CONNECTION_TOKENS

Event

Clear event

Allows the user to clear manually an active event.

API Name: CLEAR_ALERT

Read event troubleshooting history

Allows the user to read the event troubleshooting history.

API Name: READ_ALERT_TROUBLESHOOTING_HISTORY

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales, Value-added Digital Services

Write event status

Allows the user to acknoledge an event.

API Name: WRITE_ALERT_STATUS

Maintenance

Read maintenance registry

Allows the user to read the maintenance registry.

API Name: READ_MAINTENANCE_REGISTRY

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales, Value-added Digital Services

Write maintenance registry

Allows the user to write the maintenance registry.

API Name: WRITE_MAINTENANCE_REGISTRY

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales, Value-added Digital Services

Notifications

Receive thing alert notifications

Allows the user to receive notifications on activation and clearing of alerts.

API Name: RECEIVE_THING_ALERT_NOTIFICATIONS

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales

Receive thing work session notifications

Allows the user to receive notifications about starting and stopping work sessions.

This permission can be assigned only to CUSTOMER user types.

API Name: RECEIVE_THING_WORK_SESSION_NOTIFICATIONS

Organization

Delete organization

Allows the user to delete organizations.

This permission can be assigned only to ORGANIZATION user types.

API Name: DELETE_ORGANIZATION

Read all organizations

Allows the user to read all organizations registered within the tenant.

API Name: READ_ALL_ORGANIZATIONS

Read organization

Allows the user to read the organization's information.

This permission can be assigned only to ORGANIZATION user types.

API Name: READ_ORGANIZATION

Read organization authorization

Allows the user to read organizations' authorizations.

This permission can be assigned only to ORGANIZATION user types.

API Name: READ_ORGANIZATION_AUTHORIZATION

Write organization

Allows the user to create and manage organizations.

This permission can be assigned only to ORGANIZATION user types.

API Name: WRITE_ORGANIZATION

Write organization authorization

Allows the user to manage organization' authorizations.

This permission can be assigned only to ORGANIZATION user types.

API Name: WRITE_ORGANIZATION_AUTHORIZATION

Partner

Delete partner

Allows the user to delete partners.

API Name: DELETE_PARTNER

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales

Read partner

Allows the user to read the partners' information.

API Name: READ_PARTNER

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales

Read partner authorization

Allows the user to read partners' authorizations.

API Name: READ_PARTNER_AUTHORIZATION

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales

Receive partner authorization update notification

Allows the user to receive a notification on partner authorizations updates.

API Name: RECEIVE_PARTNER_AUTHORIZATION_UPDATE_NOTIFICATION

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales

Write partner

Allows the user to create and manage partners.

API Name: WRITE_PARTNER

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales

Write partner authorization

Allows the user to manage partners' authorizations.

This permission can be assigned only to ORGANIZATION and PARTNER user types.

API Name: WRITE_PARTNER_AUTHORIZATION

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales

Security

Read api key

Allows the user to read the API Key configured on partner or customer entities.

API Name: READ_API_KEY

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales, Value-added Digital Services

Read audit

Allows the user to read audit for user activities and events.

API Name: READ_AUDIT

Write PAT

Allows the user to write personal access tokens.

API Name: WRITE_PAT

Write api key

Allows the user to write, manage and delete API Keys.

This permission can be assigned only to ORGANIZATION user types.

API Name: WRITE_API_KEY

Testing

Read connection test

Allows the user to read the connection tests.

This permission can be assigned only to ORGANIZATION and PARTNER user types.

API Name: READ_CONNECTION_TEST

Read thing test

Allows the user to read thing test sessions.

API Name: READ_THING_TEST

Write connection test

Allows the user to start connection tests.

This permission can be assigned only to ORGANIZATION and PARTNER user types.

API Name: WRITE_CONNECTION_TEST

Write thing test

Allows the user to manage thing test sessions.

API Name: WRITE_THING_TEST

User

Invite guest user

Allows the user to invite new users.

API Name: INVITE_GUEST_USER

Never suspend

Allows the user to never expire even if inactive for a long time.

API Name: NEVER_SUSPEND

Read all users

Allows the user to read all users registered within the tenant.

API Name: READ_ALL_USERS

Read guest user

Allows the user to read the invited guest users.

API Name: READ_GUEST_USER

Read user

Allows the user to read the users' information.

API Name: READ_USER

Read user permissions

Allows the user to read other users' permissions.

API Name: READ_USER_PERMISSIONS

Write user

Allows the user to create, manage and delete users.

API Name: WRITE_USER

Write user notification settings

Allows the user to edit notification preference of another user.

This permission can be assigned only to ORGANIZATION and PARTNER user types.

API Name: WRITE_USER_NOTIFICATION_SETTINGS

Write user permissions

Allows the user to manage users' permissions.

API Name: WRITE_USER_PERMISSIONS

Write user status

Allows the administrator to update the user status.

API Name: WRITE_USER_STATUS

Tagging

Write tag

Allows the user to write tag definitions.

API Name: WRITE_TAG

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales, Value-added Digital Services

Write thing tag

Allows the user to tag a thing.

API Name: WRITE_THING_TAG

The availability of this permission depends on the subscription bundle.

Required modules: Smart After Sales, Value-added Digital Services

Store

Place order

BUYER: allows the user to place an order. The checkout button is available in the Cart tab of the Store page.

This permission can be assigned only to CUSTOMER and PARTNER user types.

API Name: PLACE_ORDER

The availability of this permission depends on the subscription bundle.

Required modules: Spare Parts & Consumables, Value-added Digital Services

Read order

BUYER: allows the user to view all created orders. PROVIDER: allows the user to view all received orders. The Orders tab is visible on the Store page.

API Name: READ_ORDER

The availability of this permission depends on the subscription bundle.

Required modules: Spare Parts & Consumables, Value-added Digital Services

Read payment

CUSTOMER: allows the user to read all payments made by himself. The Payments tab is visible on the Store page. ORGANIZATION: allows the user to read all payments associated with the visible Customers. The Payments tab is visible on the Store page.

This permission can be assigned only to ORGANIZATION and CUSTOMER user types.

API Name: READ_PAYMENTS

The availability of this permission depends on the subscription bundle.

Required modules: Value-added Digital Services

Read subscription

CUSTOMER: allows the user to access the list of subscriptions in the Store page. The Subscriptions tab is visible in the Store page. ORGANIZATION: allows the user to access the Subscription of a Thing or Customer. The Subscription tab is visible in the Thing or Customer editing page.

API Name: READ_SUBSCRIPTION

The availability of this permission depends on the subscription bundle.

Required modules: Value-added Digital Services

Write order

PROVIDER: allows the user to add notes to an order or change the order status.

This permission can be assigned only to ORGANIZATION and PARTNER user types.

API Name: WRITE_ORDER

The availability of this permission depends on the subscription bundle.

Required modules: Spare Parts & Consumables, Value-added Digital Services

Write payment

Allows the user to modify a payment of a Customer.

This permission can be assigned only to ORGANIZATION user types.

API Name: WRITE_PAYMENTS

The availability of this permission depends on the subscription bundle.

Required modules: Value-added Digital Services

Write subscription

Allows the user to modify the subscription of a Thing or Customer.

API Name: WRITE_SUBSCRIPTION

The availability of this permission depends on the subscription bundle.

Required modules: Value-added Digital Services

Spare Parts

Delete spare part

Allows the user to delete a spare part.

API Name: DELETE_SPARE_PART

The availability of this permission depends on the subscription bundle.

Required modules: Spare Parts & Consumables

Read spare part

Allows the user to read spare parts.

API Name: READ_SPARE_PART

The availability of this permission depends on the subscription bundle.

Required modules: Spare Parts & Consumables

Write spare part

Allows the user to write a spare part.

API Name: WRITE_SPARE_PART

The availability of this permission depends on the subscription bundle.

Required modules: Spare Parts & Consumables

Product Models

Delete product model

Allows the user to delete a product model.

API Name: DELETE_PRODUCT_MODEL

The availability of this permission depends on the subscription bundle.

Required modules: Spare Parts & Consumables

Write product model

Allows the user to write a product model.

API Name: WRITE_PRODUCT_MODEL

The availability of this permission depends on the subscription bundle.

Required modules: Spare Parts & Consumables

Consumable

Write consumable stock

Allows the customer user to manage the stock.

API Name: WRITE_CONSUMABLE_STOCK

The availability of this permission depends on the subscription bundle.

Required modules: Spare Parts & Consumables

Notes

Read note

Allows the organization user to read a note for a resource.

This permission can be assigned only to ORGANIZATION user types.

API Name: READ_NOTE