Users/ Authorization / Roles

icon

Introduction

Tenant administrator can manage users and assign them different roles. Roles are composed of different permissions. Waylay comes with set of predefined roles. If a user creates an API key, that key will inherit all permissions of that user.

Access rights/features

With WaylayDashboard users are able to perform the following operations:

  • Manage billing and global settings
  • CRUD operations on actuators
  • CRUD operations on sensors
  • CRUD operations on templates
  • CRUD operations on tasks
  • CRUD operations on resource types
  • CRUD operations on payload transformers
  • Run debugger
  • Migrate tasks/templates (see the link)

Roles

These are currently three predifined roles available in waylay:

  • admin
  • operator
  • qa

Admin

The Admin user has no restrictions, and next to all available operations, he can also edit global settings and set up billing.

Operator

The Operator user has the following permissions:

  • Manage Plugins (sensors and actuators)
  • View all templates
  • Manage all templates
  • View all tasks
  • Managed own tasks
  • Create debug task

QA

The QA user is a read-only role:

  • View all plugins
  • View all templates
  • View all tasks
  • Create debug task

Complete list of permissions

  • vault:all:update
  • vault:me:update
  • vault:me:delete
  • vault:all:create
  • vault:all:read
  • vault:me:read
  • vault:all:delete
  • vault:me:create
  • users:all:delete
  • users:all:create
  • users:all:read
  • users:all:update
  • roles:all:update
  • roles:all:create
  • roles:all:read
  • roles:all:delete
  • alarms:me:delete
  • alarms:all:delete
  • alarms:all:update
  • alarms:me:create
  • alarms:all:read
  • alarms:me:read
  • alarms:all:create
  • alarms:me:update
  • billing:me:delete
  • billing:all:delete
  • billing:all:update
  • billing:me:update
  • billing:all:read
  • billing:me:create
  • billing:all:create
  • billing:me:read
  • export:all:read
  • export:all:create
  • export:me:create
  • export:me:delete
  • export:me:read
  • export:me:update
  • export:all:delete
  • export:all:update
  • jobs:me:update
  • jobs:me:create
  • jobs:me:read
  • jobs:me:delete
  • jobs:all:create
  • jobs:all:read
  • jobs:all:update
  • jobs:all:delete
  • measurements:me:read
  • measurements:all:delete
  • measurements:all:update
  • measurements:all:read
  • measurements:me:update
  • measurements:me:create
  • measurements:me:delete
  • measurements:all:create
  • migration:me:create
  • migration:me:update
  • migration:me:read
  • migration:all:create
  • migration:all:update
  • migration:all:delete
  • migration:all:read
  • migration:me:delete
  • plugs:me:create
  • plugs:all:read
  • plugs:all:create
  • plugs:me:update
  • plugs:all:update
  • plugs:me:read
  • plugs:all:delete
  • plugs:me:delete
  • resources:all:update
  • resources:me:read
  • resources:all:delete
  • resources:all:read
  • resources:me:create
  • resources:all:create
  • resources:me:update
  • resources:me:delete
  • settings:me:delete
  • settings:all:read
  • settings:me:read
  • settings:all:delete
  • settings:all:create
  • settings:all:update
  • settings:me:update
  • settings:me:create
  • tasks:all:read
  • tasks:all:delete
  • tasks:all:update
  • tasks:all:create
  • tasks:me:delete
  • tasks:me:update
  • tasks:me:read
  • tasks:me:create
  • templates:all:create
  • templates:me:create
  • templates:all:delete
  • templates:me:read
  • templates:me:delete
  • templates:all:update
  • templates:me:update
  • templates:all:read
  • tokens:me:read
  • tokens:all:create
  • tokens:me:update
  • tokens:all:read
  • tokens:me:delete
  • tokens:all:delete
  • tokens:me:create
  • tokens:all:update