Now that we've created a device and users, we can specify access levels for those users. We'll accomplish this by using roles and tags.

Roles

As we learned in Users, roles, and teams, when you add a new user to your team, you'll select a role for that user. You can create a custom role, or use one of the default Formant roles:

Tags

A tag is a key-value pair which defines a relationship between two entities in Formant. Among their many uses, tags can be used to group devices and restrict user access to certain devices.

Only entities with the same tags can see each other in Formant.

For example, if a user has the tag device-type: spot applied, that user will only be able to see and interact with devices which also have the tag device-type: spot.

Tagging users

Applying tags to a user limits that user's access to other entities in your Formant organization. A user with no tags applied will have access to all entities in a Formant organization.

📘

A user with an Administrator role has access to all entities in a Formant organization, regardless of tag configuration.

Tagging devices

Applying tags to a device increases other entities' access to it in Formant. Adding a tag to a device allows all users with that tag to see that device.

Devices have access to all views which have at least one tag in common with the device, or which have no tags applied. A device with no tags applied will be able to access all views.

Tagging views

Applying tags to a view increases other entities' access to it in Formant. Adding a tag to a view allows all users and devices with that tag to use that view.

Applying tags

Step 1: Create a tag

1. In Formant, in the upper-left corner, open the menu and go to Settings >> Tags.
2. In the upper-right corner, click the Add Tag button. Give your tag a name and click Continue. This name is your tag key (e.g., device-type).

Step 2: Apply a tag to a device

1. In the tag configuration screen, click the Choose Devices tab.
2. Set the tag value you want to apply to your devices (e.g., spot). Click Continue.
3. Select the device(s) to which you want to apply the tag. Click Continue.
4. Click Apply to confirm your changes. Your tag key and value will be applied to your device(s) (e.g., device-type: spot).

Step 3: Apply a tag to a user

Now that we have applied the tag to our devices, we must configure users with the same tags. This will limit user visibility to devices with matching tags.

1. If continuing from Step 2, click the back arrow and then go to Users. Otherwise, in Formant, in the upper-left corner, open the menu and go to Settings >> Users.
2. Select the user to whom you want to apply the tag. Click Show advanced settings and enter the tag key and value you generated in Steps 1 and 2 (e.g., device-type: spot). Alternately, you can click Restrict Access and use this view to see existing tags in your organization and apply them to this user.
3. Use the Restrict Access tab to check your work. When you're done, click Save.

The user will now only have access to devices with the same tags.

Best practices

• It can be useful to set up and use test users to change tags and test access. If you are an administrator, your account will not reflect tag-based access rules, since administrators have access to everything in the organization.
• In order to limit a user’s access, first make sure they have the appropriate tag assigned. Next, ensure that the device and view both also contain the tag assigned to the user.
• The tag-based filter at the top of certain pages (such as Settings >> Devices or Settings >> Views) will only show tags which are already applied to the entity currently being configured. For example, if you are looking at a view's settings, you will only be able to filter for tags which are already applied to the view.
• If you are dividing resources in your Formant organization between user bases who should not have access to each other, it is required to give each user base a unique tag key, rather than different values for the same key. This is because some entities in Formant do not support selecting multiple values for a given key. For example, if you want a default view to be visible by both Customer A and Customer B, you would want to use a configuration like: customerA: true and customerB: true, and NOT a configuration like: client: customerA and client:customerB .

Example

Suppose your organization has three devices:

...and three users:

You want spot-viewer-all to be able to view all Spot devices, but not operate any of them. You do not want spot-viewer-all to be able to view the Fido device.

You want spot-2-operator to be able to operate only spot-2. You do not want spot-2-operator to be able to view or operate spot-1 or fido.

You create the following tags: device-type and device-id. You apply them as follows:

You then navigate to your Users and apply the following tags:

Because spot-viewer-all, spot-1, and spot-2 all have the tag device-type: spot, these entities are visible to each other in Formant.

Because spot-2-operator and spot-2 both have the tag device-id: spot-2, these entities are visible to each other in Formant.

Because admin has no tags, it is able to see all entities within the organization.

👋

If you notice an issue with this page or need help, please reach out to us! Use the 'Did this page help you?' buttons below, or get in contact with our Customer Success team via the Intercom messenger in the bottom-right corner of this page, or at [email protected].