Create a custom role
In addition to the default roles of Viewer, Operator, and Administrator, you can create custom roles with the permissions and access levels you want. Roles can then be quickly assigned to many users via the use of teams.
It is highly recommended to start with the settings of a default role and modify its permissions, rather than constructing an entirely new role from scratch.
Setting a resource to None may result in error messages that a user does not have access to a particular resource. Required resources may not be immediately obvious; e.g., when administering events, you will also need administration privileges for commands, as an event can be configured to issue a command. After adding your custom configuration, try the expected workflows for your end user and make sure your permissions are set correctly.
This guide will teach you how to create and configure a custom role for your organization.
Default role permissions
| Default role | Permissions set |
|---|---|
| Viewer | All permissions set to View. Kiosk set to None. |
| Operator | All permissions set to Execute. All permissions without an Execute option set to View. Kiosk set to None. |
| Administrator | All permissions set to Administer. Kiosk set to None. |
Step 1: Create a custom role
- In Formant, in the upper-left corner, open the menu and click Settings.
- Click Roles, and then in the upper-right corner, click Create Role.
- Give your new role a name and click Continue.
Step 2: Configure your role
Next, configure your role's permissions:
Configuring a custom role.
The following table defines the role's permissions for each permission level.
See the note for Organization and Kiosk.
| Resource | None | View | Execute | Administer |
|---|---|---|---|---|
| Organization | No access to this resource. This should almost always be set to at least View. A user with no access to the Organization resource will not be able to interact with your Formant organization. | View | N/A | - View - Create - Edit - Delete |
| Users | No access to this resource. | View | N/A | - View - Create - Edit - Delete |
| Devices | No access to this resource. | View | N/A | - View - Create - Edit - Delete |
| Fleets | No access to this resource. | View | N/A | - View - Create - Edit - Delete |
| Roles | No access to this resource. | View | N/A | - View - Create - Edit - Delete |
| Streams | No access to this resource. | View | N/A | - View - Create - Edit - Delete |
| Views | No access to this resource. | View | N/A | - View - Create - Edit - Delete |
| Channels | No access to this resource. | View | N/A | - View - Create - Edit - Delete |
| Comments | No access to this resource. | View | - View - Create - Edit | - View - Create - Edit - Delete |
| Teleop | No access to this resource. | N/A | - View - Teleoperate device | - View - Create - Edit - Delete - Teleoperate device |
| Terminal | No access to this resource. | N/A | Operate device terminal | Enable/disable terminal access |
| Port Forwarding | No access to this resource. | N/A | Start port forwarding session | Enable/disable port forwarding |
| Events | No access to this resource. | View | - View - Mark event as read | - View - Create - Edit - Delete - Mark event as read - To create events, must have Device Administer permission |
| Commands | No access to this resource. | View | - View - Run command | - View - Create - Edit - Delete - Run command |
| Annotations | No access to this resource. | View | - View - Create annotation | - View - Create - Edit - Delete |
| Capture | No access to this resource. | N/A | - Create capture link | - Create capture link |
| Share | No access to this resource. | N/A | - Create share link | - Create share link |
| File Storage | No access to this resource. | N/A | - List, query, or download files | - Upload files - List, query, or download files - Delete files |
| Integrations | No access to this resource. | View | - Export data to S3 | - View - Create - Edit - Delete |
| Interventions | No access to this resource. | View | N/A | - View - Create - Edit - Delete |
| Key Value Storage | No access to this resource. | View | - Create a new key/value pair - Retrieve value for given key - Delete value for a key | - Create a new key/value pair - Retrieve value for given key - Delete value for a key |
| Schedules | No access to this resource. | View | N/A | - View - Create - Edit - Delete |
| Kiosk | No access to this resource. This should almost always be set to None. Kiosk mode restricts a user's visibility to a single view. For help setting up Kiosk mode, reach out to our Customer Success team. | Forces the user into kiosk mode. | N/A | Allows the user to administer kiosk mode. |
| Task Summaries | No access to this resource. | N/A | - View - Create - Edit - Delete |
When you have your desired set of permissions, continue to Step 3.
Step 3: Configure access levels
You can restrict the entities to which this role, and therefore any user with this role, has access. To do so, click the Restrict Access tab. Assign a set of tags which restricts this role's access to your desired level.
For more information, see Configure access levels.
A role with no tags associated will have unrestricted access to resources within your organization to which it has View access. The permissions will still be set by what you configured in Step 2.
If you notice an issue with this page or need help, please reach out to us! Use the 'Did this page help you?' buttons below, or get in contact with our Customer Success team via the Intercom messenger in the bottom-right corner of this page, or at [email protected].
Updated 2 months ago