Resources & roles
Resources
Access to the following resources can be managed using roles. This list will continue to be updated as we develop new relevant capabilities.
| Resources | Definition |
|---|---|
| Users | This resource defines CRUD (create, read, update, delete) access to all users. |
| Devices | This resource defines CRUD (create, read, update, delete) access to all devices. |
| Channels | This resource defines CRUD (create, read, update, delete) access to Channels. |
| Views | This resource defines CRUD (create, read, update, delete) access to Views. |
| Commands | This resource defines CRUD (create, read, update, delete) access to Commands. |
| Events | This resource defines CRUD (create, read, update, delete) access to Events. |
| Teleop | This resource defines the ability to configure teleoperate streams, views, and teleoperate devices |
| Capture | This resource defines the ability to create capture links that can be sent to operators for capturing video from a cell phone into Formant. |
| Annotation | This resource defines CRUD (create, read, update, delete) access to Annotations. |
| SSH {webshell, shell} | This resources defines the ability to SSH into a device using a terminal or from a browser using Formant's webshell. |
| Comment | This resource defines CRUD (create, read, update, delete) access to Comments. |
| Share | This resource defines the ability to generate web links to historical data or teleoperation in Formant that can be sent to third-party. |
Access policies
For convenience, resource access is split to three separate access policy mapping roughly mapping to typical use cases.
- VIEW - Viewer policy allows users to view the specific resource.
- EXECUTE - In addition to VIEW, the Execute policy allows users to execute the specific resources.
- ADMINISTER - The administer policy allows users to administer the specific resource.
Access policy mapping per resource
| Resources | VIEW | EXECUTE | ADMINISTER |
|---|---|---|---|
| User management | - | - | CRUD |
| Device management | View devices | - | CRUD |
| Channels | View data | - | CRUD |
| Views | View data | - | CRUD |
| Commands | View commands | Run commands | CRUD |
| Events | View events | - | CRUD |
| Teleop | - | Teleoperate devices | CRUD |
| Capture | - | CREATE Capture links | CREATE Capture links |
| Annotation | View annotation | Create annotations | CRUD |
| SSH | - | SSH | Enable/Disable SSH access |
| Comments | View comments | Add comments | CRUD comments |
| Share | - | Generate Share links | Generate Share links |
Default roles & access
The default roles, Viewer, Operator, Administer, that come with Formant maps directly to each of the above policy.
To create a role that maps to custom capabilities, you can build custom roles that are mapped to different access policies for different resources. For example, you can have a user be an administer of device and have no access to any other resource.
Viewers
Viewers are allowed to view all resources within the organization. They are allowed to view telemetry data, and events. This role is typically used for high-level users, such as, your customers.
| Resources | VIEW | EXECUTE | ADMINISTER |
|---|---|---|---|
| User management | - | - | - |
| Device management | View devices | - | - |
| Channels | View data | - | - |
| Views | View data | - | - |
| Commands | View commands | - | - |
| Events | View events | - | - |
| Teleop | - | - | - |
| Capture | - | - | - |
| Annotation | View annotation | - | - |
| SSH | - | - | - |
| Comments | View comments | - | - |
| Share | - | - | - |
Operators
In addition to viewing all resources Operators are allowed to send commands and teleoperate devices
| Resources | VIEW | EXECUTE | ADMINISTER |
|---|---|---|---|
| User management | - | - | - |
| Device management | - | - | - |
| Channels | - | - | - |
| Views | - | - | - |
| Commands | - | Run commands | - |
| Events | - | - | - |
| Teleop | - | Teleoperate devices | - |
| Capture | - | CREATE Capture links | - |
| Annotation | - | Create annotations | - |
| SSH | - | SSH | - |
| Comments | - | Add comments | - |
| Share | - | Generate Share links | - |
Organization administrators (Admins)
Organization administrator is an administrator of all resources. The first user is, by default, an organization administrator. There needs to be at least one organization administrator per organization.
| Resources | VIEW | EXECUTE | ADMINISTER |
|---|---|---|---|
| User management | - | - | CRUD |
| Device management | View devices | - | CRUD |
| Channels | View data | - | CRUD |
| Views | View data | - | CRUD |
| Commands | View commands | Run commands | CRUD |
| Events | View events | - | CRUD |
| Teleop | - | Teleoperate devices | CRUD |
| Capture | - | CREATE Capture links | CREATE Capture links |
| Annotation | View annotation | Create annotations | CRUD |
| SSH | - | SSH | Enable/Disable SSH access |
| Comments | View comments | Add comments | CRUD comments |
| Share | - | Generate Share links | Generate Share links |
Creating custom roles or scoping down access further
If any of the above roles do not suffice, customers can create their own custom roles and assign access policy. For more details, see the custom roles section.
Scope limits access to the capabilities further down to the subset of resources within Formant. Scope can be applied to groups or to individual users or both. Access to the following resources can be scoped down further. For example, a user might have VIEW access to all resources, but only scoped to certain devices defined by tags.
For more details, see the scoping down access section.
Updated about 1 year ago