Create a custom role

In addition to the default roles of Viewer, Operator, and Administrator, you can create custom roles with the permissions and access levels you want. Roles can then be quickly assigned to many users via the use of teams.

🚧

It is highly recommended to start with the settings of a default role and modify its permissions, rather than constructing an entirely new role from scratch.

Setting a resource to None may result in error messages that a user does not have access to a particular resource. Required resources may not be immediately obvious; e.g., when administering events, you will also need administration privileges for commands, as an event can be configured to issue a command. After adding your custom configuration, try the expected workflows for your end user and make sure your permissions are set correctly.

This guide will teach you how to create and configure a custom role for your organization.

Default role permissions

The default role permissions are as follows:

Viewer

  • All permissions set to View.
  • Kiosk set to None.

Operator

  • All permissions set to Execute.
  • All permissions without an Execute option set to View.
  • Kiosk set to None.

Administrator

  • All permissions set to Administer.
  • Kiosk set to None.

Step 1: Create a custom role

  1. In Formant, in the upper-left corner, open the menu and click Settings.
  2. Click Roles, and then in the upper-right corner, click Create Role.
  3. Give your new role a name and click Continue.

Step 2: Configure your role

Next, configure your role's permissions:

configuring a custom role

Configuring a custom role.

The following table defines the role's permissions for each permission level.

🚧

See the note for Organization and Kiosk.

ResourceNoneViewExecuteAdminister
OrganizationNo access to this resource.

This should almost always be set to at least View. A user with no access to the Organization resource will not be able to interact with your Formant organization.
ViewN/A- View
- Create
- Edit
- Delete
UsersNo access to this resource.ViewN/A- View
- Create
- Edit
- Delete
DevicesNo access to this resource.ViewN/A- View
- Create
- Edit
- Delete
FleetsNo access to this resource.ViewN/A- View
- Create
- Edit
- Delete
RolesNo access to this resource.ViewN/A- View
- Create
- Edit
- Delete
StreamsNo access to this resource.ViewN/A- View
- Create
- Edit
- Delete
ViewsNo access to this resource.ViewN/A- View
- Create
- Edit
- Delete
ChannelsNo access to this resource.ViewN/A- View
- Create
- Edit
- Delete
CommentsNo access to this resource.View- View
- Create
- Edit
- View
- Create
- Edit
- Delete
TeleopNo access to this resource.N/A- View
- Teleoperate device
- View
- Create
- Edit
- Delete
- Teleoperate device
TerminalNo access to this resource.N/AOperate device terminalEnable/disable terminal access
Port ForwardingNo access to this resource.N/AStart port forwarding sessionEnable/disable port forwarding
EventsNo access to this resource.View- View
- Mark event as read
- View
- Create
- Edit
- Delete
- Mark event as read
CommandsNo access to this resource.View- View
- Run command
- View
- Create
- Edit
- Delete
- Run command
AnnotationsNo access to this resource.View- View
- Create annotation
- View
- Create
- Edit
- Delete
CaptureNo access to this resource.N/A- Create capture link- Create capture link
ShareNo access to this resource.N/A- Create share link- Create share link
File StorageNo access to this resource.N/A- List, query, or download files- Upload files
- List, query, or download files
- Delete files
IntegrationsNo access to this resource.View- Export data to S3- View
- Create
- Edit
- Delete
InterventionsNo access to this resource.ViewN/A- View
- Create
- Edit
- Delete
Key Value StorageNo access to this resource.View- Create a new key/value pair
- Retrieve value for given key
- Delete value for a key
- Create a new key/value pair
- Retrieve value for given key
- Delete value for a key
SchedulesNo access to this resource.ViewN/A- View
- Create
- Edit
- Delete
KioskNo access to this resource.

This should almost always be set to None.

Kiosk mode restricts a user's visibility to a single view. For help setting up Kiosk mode, reach out to our Customer Success team.
Forces the user into kiosk mode.N/AAllows the user to administer kiosk mode.
Task SummariesNo access to this resource.N/A- View
- Create
- Edit
- Delete

When you have your desired set of permissions, continue to Step 3.

Step 3: Configure access levels

You can restrict the entities to which this role, and therefore any user with this role, has access. To do so, click the Restrict Access tab. Assign a set of tags which restricts this role's access to your desired level.

For more information, see Configure access levels.

🚧

A role with no tags associated will have unrestricted access to resources within your organization to which it has View access. The permissions will still be set by what you configured in Step 2.

πŸ‘‹

If you notice an issue with this page or need help, please reach out to us! Use the 'Did this page help you?' buttons below, or get in contact with our Customer Success team via the Intercom messenger in the bottom-right corner of this page, or at [email protected].