User types and API Keys are associated with a set of permissions, each one enabling a feature or read/write capability on a specific object.
Here is the list of permissions grouped according to the topic they are intended for.
Customer
Delete customer | Allows the user to permanently delete customers from the system. API Name: DELETE_CUSTOMER |
Import customers | Allows administrative users to import customer data in bulk from an external file. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: IMPORT_CUSTOMERS |
Read all customers | Allows the user to view every customer registered within the tenant, beyond the ones directly assigned to them. API Name: READ_ALL_CUSTOMERS |
Read customer | Allows the user to view the details and information of the customers they have access to. API Name: READ_CUSTOMER |
Write customer | Allows the user to create and manage customer entities (ORGANIZATION, PARTNER) and to edit the information of the parent customer (CUSTOMER). API Name: WRITE_CUSTOMER |
Location
Delete location | Allows the user to permanently delete locations from the system. API Name: DELETE_LOCATION |
Import locations | Allows administrative users to import locations in bulk from an external file. API Name: IMPORT_LOCATIONS |
Read location | Allows the user to view the details and information of the locations they have access to. API Name: READ_LOCATION |
Write location | Allows the user to create and manage locations. API Name: WRITE_LOCATION |
Thing
This permission can be assigned to Back-office user types only if the Connected Field Service module is active.
Delete metric value | Allows the user to delete stored metric values. API Name: DELETE_METRIC_VALUE |
Delete thing | Allows the user to permanently delete things from the system. API Name: DELETE_THING |
Export thing data | Allows the user to run a bulk data export for the things they can see. API Name: EXPORT_DATA |
Import thing data | Allows the user to import metric data for a specific thing. API Name: IMPORT_DATA |
Read all things | Allows the user to view every thing registered within the tenant, beyond the ones directly assigned to them. API Name: READ_ALL_THINGS |
| Allows the administrator to view the security certificates associated with a thing. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: READ_CERTIFICATE |
Read cloud status | Allows the user to view the cloud connection status of a thing. API Name: READ_CLOUD_STATUS |
Read historical data | Allows the user to view the historical data collected from things. API Name: READ_HISTORICAL_DATA
|
Read rule | Allows the user to view the automation rules defined on a thing. API Name: READ_RULE
|
Read thing | Allows the user to view the details and information of the things they have access to. API Name: READ_THING |
Read user authorization | Allows the user to view which users are authorized to access the customer's things. This permission can be assigned only to CUSTOMER user types. API Name: READ_USER_AUTHORIZATION |
Register thing | Allows the user to register new things that do not yet have an owner. API Name: REGISTER_THING |
Reset user authorization | Allows the user to reset all user-to-thing authorizations for the customer's things. This permission can be assigned only to CUSTOMER user types. API Name: RESET_USER_AUTHORIZATION |
Write SIM | Allows the user to verify and change the status of the SIM card installed in the product. API Name: WRITE_SIM |
| Allows the administrator to create, update, and manage the security certificates associated with a thing. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: WRITE_CERTIFICATE |
Write cloud status | Allows the user to change the cloud connection status of a thing. This permission can be assigned only to ORGANIZATION user types. API Name: WRITE_CLOUD_STATUS |
Write metric value | Allows the user to manually set or update the value of a metric. API Name: WRITE_METRIC_VALUE |
Write rule | Allows the user to create, edit, and delete automation rules defined on things. API Name: WRITE_RULE
|
Write thing | Allows the user to create and manage things, including editing their information. API Name: WRITE_THING |
Write thing activation | Allows the user to activate a newly registered thing. API Name: WRITE_THING_ACTIVATION |
Write thing option | Allows the user to configure and update the options of a thing. API Name: WRITE_THING_OPTION |
Write user authorization | Allows the user to grant, revoke, and manage user authorizations on the customer's things. This permission can be assigned only to CUSTOMER user types. API Name: WRITE_USER_AUTHORIZATION |
Write work session | Allows the user to manually create a work session for a thing. API Name: WRITE_WORK_SESSION
|
Thing Remote Control
Execute bulk update | Allows the user to run a remote-control operation on multiple things at once (bulk update). API Name: EXECUTE_BULK_UPDATE
|
Execute thing command | Allows the user to send and execute commands on connected things. API Name: EXECUTE_THING_COMMAND
|
Read task | Allows the user to view the details and information of tasks. API Name: READ_TASK
|
Set thing parameter | Allows the user to set configuration parameters on connected things. API Name: SET_THING_PARAMETER
|
Update firmware | Allows the user to trigger firmware updates on things. API Name: UPDATE_FIRMWARE
|
Write recipe | Allows the user to create and edit recipes. API Name: WRITE_RECIPE
|
Write task | Allows the user to create, manage, and delete tasks. API Name: WRITE_TASK
|
Thing Connection
Read connection mapping | Allows the user to view the connection mappings between things and their data sources. API Name: READ_CONNECTION_MAPPING
|
Read thing connection tokens | Allows the user to view the registered connection tokens used by things. API Name: READ_THING_CONNECTION_TOKENS |
Write connection mapping | Allows the user to create and configure connection mappings between things and their data sources. API Name: WRITE_CONNECTION_MAPPING
|
Write thing connection tokens | Allows the user to register and manage new connection tokens for things. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: WRITE_THING_CONNECTION_TOKENS |
Event
Clear event | Allows the user to manually clear an active event. API Name: CLEAR_ALERT |
Read event troubleshooting history | Allows the user to view the troubleshooting history of an event. API Name: READ_ALERT_TROUBLESHOOTING_HISTORY
|
Write event status | Allows the user to acknowledge an active event. API Name: WRITE_ALERT_STATUS |
Maintenance
Read maintenance registry | Allows the user to view the maintenance registry of a thing. API Name: READ_MAINTENANCE_REGISTRY
|
Read work order | Allows the user to view work orders. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: READ_WORK_ORDER
|
Work order executor | Allows the user to start and complete the execution of a work order. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: WORK_ORDER_EXECUTOR
|
Work order manager | Allows the user to approve or discard work orders. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: WORK_ORDER_MANAGER
|
Write maintenance registry | Allows the user to create and update entries in the maintenance registry. API Name: WRITE_MAINTENANCE_REGISTRY
|
Write work order | Allows the user to create and edit work orders. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: WRITE_WORK_ORDER
|
Support
Read ticket | Allows the user to view support tickets. API Name: READ_TICKET |
Write ticket | Allows the user to create and edit support tickets. API Name: WRITE_TICKET |
Notifications
Receive thing alert notifications | Allows the user to receive notifications when alerts are activated or cleared. API Name: RECEIVE_THING_ALERT_NOTIFICATIONS
|
Receive thing work session notifications | Allows the user to receive notifications when work sessions start or stop. This permission can be assigned only to CUSTOMER user types. API Name: RECEIVE_THING_WORK_SESSION_NOTIFICATIONS |
Organization
Delete organization | Allows the user to permanently delete organizations. This permission can be assigned only to ORGANIZATION user types. API Name: DELETE_ORGANIZATION |
Read all organizations | Allows the user to view every organization registered within the tenant. API Name: READ_ALL_ORGANIZATIONS |
Read organization | Allows the user to view the details and information of organizations. This permission can be assigned only to ORGANIZATION user types. API Name: READ_ORGANIZATION |
Read organization authorization | Allows the user to view the authorizations granted within the organization. This permission can be assigned only to ORGANIZATION user types. API Name: READ_ORGANIZATION_AUTHORIZATION |
Read problem | Allows the user to view the diagnosed problems. This permission can be assigned only to ORGANIZATION user types. API Name: READ_PROBLEM |
Write organization | Allows the user to create and manage organizations. This permission can be assigned only to ORGANIZATION user types. API Name: WRITE_ORGANIZATION |
Write organization authorization | Allows the user to grant, revoke, and manage the organization's authorizations. This permission can be assigned only to ORGANIZATION user types. API Name: WRITE_ORGANIZATION_AUTHORIZATION |
Partner
Delete partner | Allows the user to permanently delete partners. API Name: DELETE_PARTNER
|
Read partner | Allows the user to view the details and information of partners. API Name: READ_PARTNER
|
Read partner authorization | Allows the user to view the authorizations granted to partners. API Name: READ_PARTNER_AUTHORIZATION
|
Receive partner authorization update notification | Allows the user to receive a notification whenever a partner authorization is updated. API Name: RECEIVE_PARTNER_AUTHORIZATION_UPDATE_NOTIFICATION
|
Write partner | Allows the user to create and manage partners. API Name: WRITE_PARTNER
|
Write partner authorization | Allows the user to grant, revoke, and manage partner authorizations. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: WRITE_PARTNER_AUTHORIZATION
|
Account and Security
Account Administrator | Allows the user to administer the account, including its settings and configuration. API Name: ACCOUNT_ADMINISTRATOR |
Read API key | Allows the user to view the API keys configured on partner or customer entities. API Name: READ_API_KEY
|
Read audit | Allows the user to view the audit log of user activities and system events. API Name: READ_AUDIT |
Write API key | Allows the user to create, manage, and delete API keys. This permission can be assigned only to ORGANIZATION user types. API Name: WRITE_API_KEY |
Write PAT | Allows the user to create and manage personal access tokens. API Name: WRITE_PAT |
Testing
Read connection test | Allows the user to view connection tests. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: READ_CONNECTION_TEST |
Read thing test | Allows the user to view test sessions. API Name: READ_THING_TEST |
Write connection test | Allows the user to start and manage connection tests. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: WRITE_CONNECTION_TEST |
Write thing test | Allows the user to create and manage test sessions. API Name: WRITE_THING_TEST |
User
| Allows the user to invite new guest users. API Name: INVITE_GUEST_USER |
Never suspend | Exempts the user from automatic suspension, so the account never expires even after a long period of inactivity. API Name: NEVER_SUSPEND |
Read all users | Allows the user to view every user registered within the tenant. API Name: READ_ALL_USERS |
| Allows the user to view the invited guest users. API Name: READ_GUEST_USER |
Read user | Allows the user to view the details and information of other users. API Name: READ_USER |
Read user permissions | Allows the user to view the permissions assigned to other users. API Name: READ_USER_PERMISSIONS |
Write user | Allows the user to create, manage, and delete users. API Name: WRITE_USER |
Write user notification settings | Allows the user to edit another user's notification preferences. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: WRITE_USER_NOTIFICATION_SETTINGS |
Write user permissions | Allows the user to assign and manage the permissions of other users. API Name: WRITE_USER_PERMISSIONS |
Write user status | Allows the administrator to change the status of a user. API Name: WRITE_USER_STATUS |
Tagging
Write tag | Allows the user to create and manage tag definitions. API Name: WRITE_TAG
|
Write thing tag | Allows the user to assign tags to a thing. API Name: WRITE_THING_TAG
|
Store
Place order | BUYER: allows the user to place an order. The checkout button becomes available in the Cart tab of the Store page. This permission can be assigned only to CUSTOMER and PARTNER user types. API Name: PLACE_ORDER
|
Read order | BUYER: allows the user to view all the orders they have created. PROVIDER: allows the user to view all the orders they have received. The Orders tab becomes visible on the Store page. API Name: READ_ORDER
|
Read payment | CUSTOMER: allows the user to view all the payments they have made; the Payments tab becomes visible on the Store page. ORGANIZATION: allows the user to view all the payments associated with the visible customers; the Payments tab becomes visible on the Store page. This permission can be assigned only to ORGANIZATION and CUSTOMER user types. API Name: READ_PAYMENTS
|
Read subscription | CUSTOMER: allows the user to view the list of subscriptions on the Store page; the Subscriptions tab becomes visible there. ORGANIZATION: allows the user to view the subscription of a thing or customer; the Subscription tab becomes visible in the thing or customer editing page. API Name: READ_SUBSCRIPTION
|
Write order | PROVIDER: allows the user to add notes to an order or change its status. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: WRITE_ORDER
|
Write payment | Allows the user to create and modify a customer's payment. This permission can be assigned only to ORGANIZATION user types. API Name: WRITE_PAYMENTS
|
Write subscription | Allows the user to create and modify the subscription of a thing or customer. API Name: WRITE_SUBSCRIPTION
|
Spare Parts
Delete spare part | Allows the user to delete spare parts. API Name: DELETE_SPARE_PART
|
Read spare part | Allows the user to view spare parts. API Name: READ_SPARE_PART
|
Write spare part | Allows the user to create and edit spare parts. API Name: WRITE_SPARE_PART
|
Product Models
Delete product model | Allows the user to delete product models. API Name: DELETE_PRODUCT_MODEL
|
Write product model | Allows the user to create and edit product models. API Name: WRITE_PRODUCT_MODEL
|
Consumable
Write consumable stock | Allows the customer user to manage the consumable stock. API Name: WRITE_CONSUMABLE_STOCK
|
Notes
Read note | Allows the organization user to view the notes attached to a resource. This permission can be assigned only to ORGANIZATION user types. API Name: READ_NOTE |