User types and API Keys are associated with a set of permissions, each one enabling a feature or read/write capability on a specific object.
The following is a list of permits grouped according to the topic they are intended for.
Customer
Customer account administrator | Allows the user to manage the customer account. This permission can be assigned only to CUSTOMER user types. API Name: CUSTOMER_ACCOUNT_ADMINISTRATOR |
Delete customer | Allows the user to delete customers. API Name: DELETE_CUSTOMER |
Import customers | Allows administrative users to import customer data in a bulk way. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: IMPORT_CUSTOMERS |
Read all customers | Allows the user to read all customers registered within the tenant. API Name: READ_ALL_CUSTOMERS |
Read customer | Allows the user to read the customers' information. API Name: READ_CUSTOMER |
Write customer | Allows the user to create and manage customers (ORGANIZATION, PARTNER), write customer's information (CUSTOMER). API Name: WRITE_CUSTOMER |
Location
Delete location | Allows the user to delete locations. API Name: DELETE_LOCATION |
Import locations | Allows administrative users to import locations data in a bulk way. API Name: IMPORT_LOCATIONS |
Read location | Allows the user to read the location's information. API Name: READ_LOCATION |
Write location | Allows the user to create and manage (ORGANIZATION, PARTNER), write location's information (CUSTOMER). API Name: WRITE_LOCATION |
Thing
Delete metric value | Allows the user to delete a metric value. API Name: DELETE_METRIC_VALUE |
Delete thing | Allows the user to delete things. API Name: DELETE_THING |
Export Thing Data | Allows the user to execute a bulk data export for the visible things. API Name: EXPORT_DATA |
Read all things | Allows the user to read all things of the tenant. API Name: READ_ALL_THINGS |
Read certificate | Allows the administrator to read the thing certificates. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: READ_CERTIFICATE |
Read cloud status | Allows the service manager to read the thing cloud status. API Name: READ_CLOUD_STATUS |
Read historical data | Allows the user to read the historical data. This permission cannot be assigned to Back-office user types. API Name: READ_HISTORICAL_DATA |
Read rule | Allows the user to read the thing's defined rules. API Name: READ_RULE
|
Read thing | Allows the user to read the things' information. API Name: READ_THING |
Read user authorization | Allows the user to read the user authorizations on customer's Things. This permission can be assigned only to CUSTOMER user types. API Name: READ_USER_AUTHORIZATION |
Register thing | Allows the user to register new things without an owner. API Name: REGISTER_THING |
Reset user authorization | Allows the user to reset the user to thing authorizations. This permission can be assigned only to CUSTOMER user types. API Name: RESET_USER_AUTHORIZATION |
Write SIM | Allows the user to verify and change the status of the SIM installed within the product. This permission can be assigned only to ORGANIZATION user types. API Name: WRITE_SIM |
Write certificate | Allows the administrator the management of the thing certificates. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: WRITE_CERTIFICATE |
Write cloud status | Allows the service manager to change the thing cloud status. This permission can be assigned only to ORGANIZATION user types. API Name: WRITE_CLOUD_STATUS |
Write metric value | Allows the user to set a metric value. API Name: WRITE_METRIC_VALUE |
Write rule | Allows the user to write, manage and delete thing's defined rules. API Name: WRITE_RULE
|
Write thing | Allows the user to create and manage things. API Name: WRITE_THING |
Write thing activation | Allows the user to activate a new thing. API Name: WRITE_THING_ACTIVATION |
Write thing option | Allows the user to set Thing's options. API Name: WRITE_THING_OPTION |
Write user authorization | Allows the user to read the user authorizations on customer's Things. This permission can be assigned only to CUSTOMER user types. API Name: WRITE_USER_AUTHORIZATION |
Write work session | Allows the user to manually create a work session. API Name: WRITE_WORK_SESSION
|
Thing Remote Control
Execute bulk update | Allows the user to perform a bulk update. API Name: EXECUTE_BULK_UPDATE
|
Execute thing command | Allows the user to execute commands on the connected things. API Name: EXECUTE_THING_COMMAND
|
Read task | Allows the user to read the task's information. API Name: READ_TASK
|
Set thing parameter | Allows the user to set configuration parameters to the connected things. API Name: SET_THING_PARAMETER
|
Update firmware | Allows the technichian to trigger firmware upates. API Name: UPDATE_FIRMWARE
|
Write recipe | Allows the user the edit recipes. API Name: WRITE_RECIPE
|
Write task | Allows the user to create, manage and delete tasks. API Name: WRITE_TASK
|
Thing Connection
Read connection mapping | Allows the user to read connection mappings. API Name: READ_CONNECTION_MAPPING
|
Read thing connection tokens | Allows the user to read the registered connection tokens. API Name: READ_THING_CONNECTION_TOKENS |
Write connection mapping | Allows the user to configure connection mappings. API Name: WRITE_CONNECTION_MAPPING
|
Write thing connection tokens | Allows the user to register new connection tokens. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: WRITE_THING_CONNECTION_TOKENS |
Event
Clear event | Allows the user to clear manually an active event. API Name: CLEAR_ALERT |
Read event troubleshooting history | Allows the user to read the event troubleshooting history. API Name: READ_ALERT_TROUBLESHOOTING_HISTORY
|
Write event status | Allows the user to acknoledge an event. API Name: WRITE_ALERT_STATUS |
Maintenance
Read maintenance registry | Allows the user to read the maintenance registry. API Name: READ_MAINTENANCE_REGISTRY
|
Write maintenance registry | Allows the user to write the maintenance registry. API Name: WRITE_MAINTENANCE_REGISTRY
|
Notifications
Receive thing alert notifications | Allows the user to receive notifications on activation and clearing of alerts. API Name: RECEIVE_THING_ALERT_NOTIFICATIONS
|
Receive thing work session notifications | Allows the user to receive notifications about starting and stopping work sessions. This permission can be assigned only to CUSTOMER user types. API Name: RECEIVE_THING_WORK_SESSION_NOTIFICATIONS |
Organization
Delete organization | Allows the user to delete organizations. This permission can be assigned only to ORGANIZATION user types. API Name: DELETE_ORGANIZATION |
Read all organizations | Allows the user to read all organizations registered within the tenant. API Name: READ_ALL_ORGANIZATIONS |
Read organization | Allows the user to read the organization's information. This permission can be assigned only to ORGANIZATION user types. API Name: READ_ORGANIZATION |
Read organization authorization | Allows the user to read organizations' authorizations. This permission can be assigned only to ORGANIZATION user types. API Name: READ_ORGANIZATION_AUTHORIZATION |
Write organization | Allows the user to create and manage organizations. This permission can be assigned only to ORGANIZATION user types. API Name: WRITE_ORGANIZATION |
Write organization authorization | Allows the user to manage organization' authorizations. This permission can be assigned only to ORGANIZATION user types. API Name: WRITE_ORGANIZATION_AUTHORIZATION |
Partner
Delete partner | Allows the user to delete partners. API Name: DELETE_PARTNER
|
Read partner | Allows the user to read the partners' information. API Name: READ_PARTNER
|
Read partner authorization | Allows the user to read partners' authorizations. API Name: READ_PARTNER_AUTHORIZATION
|
Receive partner authorization update notification | Allows the user to receive a notification on partner authorizations updates. API Name: RECEIVE_PARTNER_AUTHORIZATION_UPDATE_NOTIFICATION
|
Write partner | Allows the user to create and manage partners. API Name: WRITE_PARTNER
|
Write partner authorization | Allows the user to manage partners' authorizations. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: WRITE_PARTNER_AUTHORIZATION
|
Security
Read api key | Allows the user to read the API Key configured on partner or customer entities. API Name: READ_API_KEY
|
Read audit | Allows the user to read audit for user activities and events. API Name: READ_AUDIT |
Write PAT | Allows the user to write personal access tokens. API Name: WRITE_PAT |
Write api key | Allows the user to write, manage and delete API Keys. This permission can be assigned only to ORGANIZATION user types. API Name: WRITE_API_KEY |
Testing
Read connection test | Allows the user to read the connection tests. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: READ_CONNECTION_TEST |
Read thing test | Allows the user to read thing test sessions. API Name: READ_THING_TEST |
Write connection test | Allows the user to start connection tests. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: WRITE_CONNECTION_TEST |
Write thing test | Allows the user to manage thing test sessions. API Name: WRITE_THING_TEST |
User
Invite guest user | Allows the user to invite new users. API Name: INVITE_GUEST_USER |
Never suspend | Allows the user to never expire even if inactive for a long time. API Name: NEVER_SUSPEND |
Read all users | Allows the user to read all users registered within the tenant. API Name: READ_ALL_USERS |
Read guest user | Allows the user to read the invited guest users. API Name: READ_GUEST_USER |
Read user | Allows the user to read the users' information. API Name: READ_USER |
Read user permissions | Allows the user to read other users' permissions. API Name: READ_USER_PERMISSIONS |
Write user | Allows the user to create, manage and delete users. API Name: WRITE_USER |
Write user notification settings | Allows the user to edit notification preference of another user. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: WRITE_USER_NOTIFICATION_SETTINGS |
Write user permissions | Allows the user to manage users' permissions. API Name: WRITE_USER_PERMISSIONS |
Write user status | Allows the administrator to update the user status. API Name: WRITE_USER_STATUS |
Tagging
Write tag | Allows the user to write tag definitions. API Name: WRITE_TAG
|
Write thing tag | Allows the user to tag a thing. API Name: WRITE_THING_TAG
|
Store
Place order | BUYER: allows the user to place an order. The checkout button is available in the Cart tab of the Store page. This permission can be assigned only to CUSTOMER and PARTNER user types. API Name: PLACE_ORDER
|
Read order | BUYER: allows the user to view all created orders. PROVIDER: allows the user to view all received orders. The Orders tab is visible on the Store page. API Name: READ_ORDER
|
Read payment | CUSTOMER: allows the user to read all payments made by himself. The Payments tab is visible on the Store page. ORGANIZATION: allows the user to read all payments associated with the visible Customers. The Payments tab is visible on the Store page. This permission can be assigned only to ORGANIZATION and CUSTOMER user types. API Name: READ_PAYMENTS
|
Read subscription | CUSTOMER: allows the user to access the list of subscriptions in the Store page. The Subscriptions tab is visible in the Store page. ORGANIZATION: allows the user to access the Subscription of a Thing or Customer. The Subscription tab is visible in the Thing or Customer editing page. API Name: READ_SUBSCRIPTION
|
Write order | PROVIDER: allows the user to add notes to an order or change the order status. This permission can be assigned only to ORGANIZATION and PARTNER user types. API Name: WRITE_ORDER
|
Write payment | Allows the user to modify a payment of a Customer. This permission can be assigned only to ORGANIZATION user types. API Name: WRITE_PAYMENTS
|
Write subscription | Allows the user to modify the subscription of a Thing or Customer. API Name: WRITE_SUBSCRIPTION
|
Spare Parts
Delete spare part | Allows the user to delete a spare part. API Name: DELETE_SPARE_PART
|
Read spare part | Allows the user to read spare parts. API Name: READ_SPARE_PART
|
Write spare part | Allows the user to write a spare part. API Name: WRITE_SPARE_PART
|
Product Models
Delete product model | Allows the user to delete a product model. API Name: DELETE_PRODUCT_MODEL
|
Write product model | Allows the user to write a product model. API Name: WRITE_PRODUCT_MODEL
|
Consumable
Write consumable stock | Allows the customer user to manage the stock. API Name: WRITE_CONSUMABLE_STOCK
|
Notes
Read note | Allows the organization user to read a note for a resource. This permission can be assigned only to ORGANIZATION user types. API Name: READ_NOTE |