Configure access levels

Now that we've created a device and users, we can specify access levels for those users. We'll accomplish this by using roles and tags.

Roles

As we learned in Add teammates, when you add a new user to your team, you'll select a role for that user:

RoleAccess level
ViewerAble to view data for specified devices.
OperatorAble to view data for, and teleoperate, specified devices.
AdministratorAble to view data for, and teleoperate, all devices. Able to add and modify views and modules, users, tags, devices, etc.

You can also create custom roles and configure their privileges. For more information, see Custom roles.

Tags

A tag is a key-value pair which defines a relationship between two entities in Formant. Among their many uses, tags can be used to group devices and restrict user access to certain devices. Only entities with the same tags can see each other in Formant.

For example, if a user has the tag device-type: spot applied, that user will only be able to see and interact with devices which also have the tag device-type: spot.

๐Ÿ“˜

A user in Formant with no tags applied will have access to all entities within the organization.

Applying tags

Step 1: Create a tag

  1. In Formant, in the upper-left corner, open the menu and go to Settings >> Tags.
  2. In the upper-right corner, click the Add Tag button. Give your tag a name and click Continue. This name is your tag key (e.g., device-type).

Step 2: Apply a tag to a device

  1. In the tag configuration screen, click the Choose Devices tab.
  2. Set the tag value you want to apply to your devices (e.g., spot). Click Continue.
  3. Select the device(s) to which you want to apply the tag. Click Continue.
  4. Click Apply to confirm your changes. Your tag key and value will be applied to your device(s) (e.g., device-type: spot).

Step 3: Apply a tag to a user

Now that we have applied the tag to our devices, we must configure users with the same tags. This will limit user visibility to devices with matching tags.

  1. If continuing from Step 2, click the back arrow and then go to Users. Otherwise, in Formant, in the upper-left corner, open the menu and go to Settings >> Users.
  2. Select the user to whom you want to apply the tag. Click Show advanced settings and enter the tag key and value you generated in Steps 1 and 2 (e.g., device-type: spot). Alternately, you can click Restrict Access and use this view to see existing tags in your organization and apply them to this user.
  3. Use the Restrict Access tab to check your work. When you're done, click Save.

The user will now only have access to devices with the same tags.

Example

Suppose your organization has three devices:

Device nameDevice type
spot-1Spot
spot-2Spot
fidoFido

...and three users:

User nameRole
spot-viewer-allViewer
spot-2-operatorOperator
adminAdministrator

You want spot-viewer-all to be able to view all Spot devices, but not operate any of them. You do not want spot-viewer-all to be able to view the Fido device.

You want spot-2-operator to be able to operate only spot-2. You do not want spot-2-operator to be able to view or operate spot-1 or fido.

You create the following tags: device-type and device-id. You apply them as follows:

Device nameTag configuration
spot-1device-type: spot, device-id: spot-1
spot-2device-type: spot, device-id: spot-2
fidodevice-type: fido, device-id: fido-1

You then navigate to your Users and apply the following tags:

User nameTag configuration
spot-viewer-alldevice-type: spot
spot-2-operatordevice-id: spot-2
adminNo tags applied.

Because spot-viewer-all, spot-1, and spot-2 all have the tag device-type: spot, these entities are visible to each other in Formant.

Because spot-2-operator and spot-2 both have the tag device-id: spot-2, these entities are visible to each other in Formant.

Because admin has no tags, it is able to see all entities within the organization.

๐Ÿ“˜

If you notice an issue with this page or need help, please reach out to us! Use the 'Did this page help you?' buttons below, or get in contact with our Customer Success team via the Intercom messenger in the bottom-right corner of this page, or at [email protected].