Users, Authorization, Roles

icon

Introduction

Within Waylay, Tenant administrator can manage users and assign different roles to these users. Roles are composed of different permissions. Waylay comes with set of predefined roles. If a user creates an API key, that key will inherit all permissions of that user.

Access rights/features

With Waylay Console users are able to perform the following operations:

  • Manage billing and global settings
  • CRUD operations on actuators
  • CRUD operations on sensors
  • CRUD operations on templates
  • CRUD operations on tasks
  • CRUD operations on resource types
  • CRUD operations on payload transformers
  • Run debugger
  • Migrate tasks/templates (see the link)

Roles

These are currently three predifined roles available in waylay:

  • Admin
  • Operator
  • QA
  • Organisation Administrator
  • Provisioner

Admin

The Admin user has no restrictions, and next to all available permissions, he can also edit global settings and set up billing.

Operator

The Operator user has the following permissions:

  • Manage plugins (both sensors and actuators)
  • View all templates
  • Manage all templates
  • View all tasks
  • Managed own tasks
  • Create debug task
  • View all resources
  • Manage all resources
  • View all buckets
  • Manage all buckets

QA

The QA user is a read-only role:

  • View all plugins
  • View all templates
  • View all tasks
  • View all buckets
  • Create debug task

Organisation Administrator

The Organisation Administrator allows a user to manage organisations for his tenant. This role has permissions to:

  • Manage organisations
  • View all organisations

Provisioner

The Provisioner role includes the minimal set of permissions required to use the Waylay Provisioning portal. This role has permissions to:

  • View all organisations
  • Manage resources

Complete list of the permission concepts

  • Alarms
  • Billing
  • Buckets
  • Byoml
  • Export
  • Jobs
  • Measurements
  • Migration
  • Organisations
  • Plugs
  • Resources
  • Roles
  • Settings
  • Tasks
  • Templates
  • Tokens
  • Users
  • Vault

Complete list of permissions

  • alarms:all:create
  • alarms:all:read
  • alarms:all:update
  • alarms:all:delete
  • alarms:me:create
  • alarms:me:read
  • alarms:me:update
  • alarms:me:delete
  • billing:all:create
  • billing:all:read
  • billing:all:update
  • billing:all:delete
  • billing:me:create
  • billing:me:read
  • billing:me:update
  • billing:me:delete
  • buckets:all:create
  • buckets:all:read
  • buckets:all:update
  • buckets:all:delete
  • buckets:me:create
  • buckets:me:read
  • buckets:me:update
  • buckets:me:delete
  • byoml:all:create
  • byoml:all:read
  • byoml:all:update
  • byoml:all:delete
  • byoml:me:create
  • byoml:me:read
  • byoml:me:update
  • byoml:me:delete
  • export:all:create
  • export:all:read
  • export:all:update
  • export:all:delete
  • export:me:create
  • export:me:read
  • export:me:update
  • export:me:delete
  • jobs:all:create
  • jobs:all:read
  • jobs:all:update
  • jobs:all:delete
  • jobs:me:create
  • jobs:me:read
  • jobs:me:update
  • jobs:me:delete
  • measurements:all:create
  • measurements:all:read
  • measurements:all:update
  • measurements:all:delete
  • measurements:me:create
  • measurements:me:read
  • measurements:me:update
  • measurements:me:delete
  • migration:all:create
  • migration:all:read
  • migration:all:update
  • migration:all:delete
  • migration:me:create
  • migration:me:read
  • migration:me:update
  • migration:me:delete
  • organisations:all:create
  • organisations:all:read
  • organisations:all:update
  • organisations:all:delete
  • organisations:me:create
  • organisations:me:read
  • organisations:me:update
  • organisations:me:delete
  • plugs:all:create
  • plugs:all:read
  • plugs:all:update
  • plugs:all:delete
  • plugs:me:create
  • plugs:me:read
  • plugs:me:update
  • plugs:me:delete
  • resources:all:create
  • resources:all:read
  • resources:all:update
  • resources:all:delete
  • resources:me:create
  • resources:me:read
  • resources:me:update
  • resources:me:delete
  • roles:all:create
  • roles:all:read
  • roles:all:update
  • roles:all:delete
  • roles:me:create
  • roles:me:read
  • roles:me:update
  • roles:me:delete
  • settings:all:create
  • settings:all:read
  • settings:all:update
  • settings:all:delete
  • settings:me:create
  • settings:me:read
  • settings:me:update
  • settings:me:delete
  • tasks:all:create
  • tasks:all:read
  • tasks:all:update
  • tasks:all:delete
  • tasks:me:create
  • tasks:me:read
  • tasks:me:update
  • tasks:me:delete
  • templates:all:create
  • templates:all:read
  • templates:all:update
  • templates:all:delete
  • templates:me:create
  • templates:me:read
  • templates:me:update
  • templates:me:delete
  • tokens:all:create
  • tokens:all:read
  • tokens:all:update
  • tokens:all:delete
  • tokens:me:create
  • tokens:me:read
  • tokens:me:update
  • tokens:me:delete
  • users:all:create
  • users:all:read
  • users:all:update
  • users:all:delete
  • users:me:create
  • users:me:read
  • users:me:update
  • users:me:delete
  • vault:all:create
  • vault:all:read
  • vault:all:update
  • vault:all:delete
  • vault:me:create
  • vault:me:read
  • vault:me:update
  • vault:me:delete