Resources & roles

Resources

Access to the following resources can be managed using roles. This list will continue to be updated as we develop new relevant capabilities.

Resources

Definition

Users

This resource defines CRUD (create, read, update, delete) access to all users.

Devices

This resource defines CRUD (create, read, update, delete) access to all devices.

Channels

This resource defines CRUD (create, read, update, delete) access to Channels.

Views

This resource defines CRUD (create, read, update, delete) access to Views.

Commands

This resource defines CRUD (create, read, update, delete) access to Commands.

Events

This resource defines CRUD (create, read, update, delete) access to Events.

Teleop

This resource defines the ability to configure teleoperate streams, views, and teleoperate devices

Capture

This resource defines the ability to create capture links that can be sent to operators for capturing video from a cell phone into Formant.

Annotation

This resource defines CRUD (create, read, update, delete) access to Annotations.

SSH {webshell, shell}

This resources defines the ability to SSH into a device using a terminal or from a browser using Formant's webshell.

Comment

This resource defines CRUD (create, read, update, delete) access to Comments.

Share

This resource defines the ability to generate web links to historical data or teleoperation in Formant that can be sent to third-party.

Access policies

For convenience, resource access is split to three separate access policy mapping roughly mapping to typical use cases.

  • VIEW - Viewer policy allows users to view the specific resource.
  • EXECUTE - In addition to VIEW, the Execute policy allows users to execute the specific resources.
  • ADMINISTER - The administer policy allows users to administer the specific resource.

Access policy mapping per resource

ResourcesVIEWEXECUTEADMINISTER
User management--CRUD
Device managementView devices-CRUD
ChannelsView data-CRUD
ViewsView data-CRUD
CommandsView commandsRun commandsCRUD
EventsView events-CRUD
Teleop-Teleoperate devicesCRUD
Capture-CREATE Capture linksCREATE Capture links
AnnotationView annotationCreate annotationsCRUD
SSH-SSHEnable/Disable SSH access
CommentsView commentsAdd commentsCRUD comments
Share-Generate Share linksGenerate Share links

Default roles & access

The default roles, Viewer, Operator, Administer, that come with Formant maps directly to each of the above policy.

To create a role that maps to custom capabilities, you can build custom roles that are mapped to different access policies for different resources. For example, you can have a user be an administer of device and have no access to any other resource.

Viewers

Viewers are allowed to view all resources within the organization. They are allowed to view telemetry data, and events. This role is typically used for high-level users, such as, your customers.

ResourcesVIEWEXECUTEADMINISTER
User management---
Device managementView devices--
ChannelsView data--
ViewsView data--
CommandsView commands--
EventsView events--
Teleop---
Capture---
AnnotationView annotation--
SSH---
CommentsView comments--
Share---

Operators

In addition to viewing all resources Operators are allowed to send commands and teleoperate devices

ResourcesVIEWEXECUTEADMINISTER
User management---
Device management---
Channels---
Views---
Commands-Run commands-
Events---
Teleop-Teleoperate devices-
Capture-CREATE Capture links-
Annotation-Create annotations-
SSH-SSH-
Comments-Add comments-
Share-Generate Share links-

Organization administrators (Admins)

Organization administrator is an administrator of all resources. The first user is, by default, an organization administrator. There needs to be at least one organization administrator per organization.

ResourcesVIEWEXECUTEADMINISTER
User management--CRUD
Device managementView devices-CRUD
ChannelsView data-CRUD
ViewsView data-CRUD
CommandsView commandsRun commandsCRUD
EventsView events-CRUD
Teleop-Teleoperate devicesCRUD
Capture-CREATE Capture linksCREATE Capture links
AnnotationView annotationCreate annotationsCRUD
SSH-SSHEnable/Disable SSH access
CommentsView commentsAdd commentsCRUD comments
Share-Generate Share linksGenerate Share links

Creating custom roles or scoping down access further

If any of the above roles do not suffice, customers can create their own custom roles and assign access policy. For more details, see the custom roles section.

Scope limits access to the capabilities further down to the subset of resources within Formant. Scope can be applied to groups or to individual users or both. Access to the following resources can be scoped down further. For example, a user might have VIEW access to all resources, but only scoped to certain devices defined by tags.

For more details, see the scoping down access section.


Did this page help you?