In addition to the default roles of Viewer, Operator, and Administrator, you can create custom roles with the permissions and access levels you want. Roles can then be quickly assigned to many users via the use of teams.

🚧
It is highly recommended to start with the settings of a default role and modify its permissions, rather than constructing an entirely new role from scratch.
Setting a resource to None may result in error messages that a user does not have access to a particular resource. Required resources may not be immediately obvious; e.g., when administering events, you will also need administration privileges for commands, as an event can be configured to issue a command. After adding your custom configuration, try the expected workflows for your end user and make sure your permissions are set correctly.

This guide will teach you how to create and configure a custom role for your organization.

Default role permissions

Default role	Permissions set
Viewer	All permissions set to View. Kioskset toNone*.
Operator	All permissions set to Execute. All permissions without an Execute option set to View. Kioskset toNone*.
Administrator	All permissions set to Administer. Kioskset toNone*.

Default role

Permissions set

Viewer

All permissions set to View.

*Kioskset toNone**.

Operator

All permissions set to Execute.
All permissions without an Execute option set to View.

*Kioskset toNone**.

Administrator

All permissions set to Administer.

*Kioskset toNone**.

Step 1: Create a custom role

In Formant, in the upper-left corner, open the menu and click Settings.
Click Roles, and then in the upper-right corner, click Create Role.
Give your new role a name and click Continue.

Step 2: Configure your role

Next, configure your role's permissions:

configuring a custom role — Configuring a custom role.

The following table defines the role's permissions for each permission level.

🚧
See the note for Organization and Kiosk.

Resource	None	View	Execute	Administer
Organization	No access to this resource. This should almost always be set to at least View. A user with no access to the Organization resource will not be able to interact with your Formant organization.	View	N/A	View Create Edit Delete
Users	No access to this resource.	View	N/A	View Create Edit Delete
Devices	No access to this resource.	View	N/A	View Create Edit Delete
Fleets	No access to this resource.	View	N/A	View Create Edit Delete
Roles	No access to this resource.	View	N/A	View Create Edit Delete
Streams	No access to this resource.	View	N/A	View Create Edit Delete
Views	No access to this resource.	View	N/A	View Create Edit Delete
Channels	No access to this resource.	View	N/A	View Create Edit Delete
Comments	No access to this resource.	View	View Create Edit	View Create Edit Delete
Teleop	No access to this resource.	N/A	View Teleoperate device	View Create Edit Delete Teleoperate device
Terminal	No access to this resource.	N/A	Operate device terminal	Enable/disable terminal access
Port Forwarding	No access to this resource.	N/A	Start port forwarding session	Enable/disable port forwarding
Events	No access to this resource.	View	View Mark event as read	View Create Edit Delete Mark event as read To create events, must have Device Administer permission
Commands	No access to this resource.	View	View Run command	View Create Edit Delete Run command
Annotations	No access to this resource.	View	View Create annotation	View Create Edit Delete
Capture	No access to this resource.	N/A	Create capture link	Create capture link
Share	No access to this resource.	N/A	Create share link	Create share link
File Storage	No access to this resource.	N/A	List, query, or download files	Upload files List, query, or download files Delete files
Integrations	No access to this resource.	View	Export data to S3	View Create Edit Delete
Interventions	No access to this resource.	View	N/A	View Create Edit Delete
Key Value Storage	No access to this resource.	View	Create a new key/value pair Retrieve value for given key Delete value for a key	Create a new key/value pair Retrieve value for given key Delete value for a key
Schedules	No access to this resource.	View	N/A	View Create Edit Delete
Kiosk	No access to this resource. This should almost always be set to None. Kiosk mode restricts a user's visibility to a single view. For help setting up Kiosk mode, reach out to our Customer Success team.	Forces the user into kiosk mode.	N/A	Allows the user to administer kiosk mode.
Task Summaries	No access to this resource.	N/A		View Create Edit Delete

When you have your desired set of permissions, continue to Step 3.

Step 3: Configure access levels

You can restrict the entities to which this role, and therefore any user with this role, has access. To do so, click the Restrict Access tab. Assign a set of tags which restricts this role's access to your desired level.

For more information, see Configure access levels.

🚧
A role with no tags associated will have unrestricted access to resources within your organization to which it has View access. The permissions will still be set by what you configured in Step 2.

👋
If you notice an issue with this page or need help, please reach out to us! Use the 'Did this page help you?' buttons below, or get in contact with our Customer Success team via the Intercom messenger in the bottom-right corner of this page, or at [email protected].