Skip to content

Roles & Permissions

Every user has a single role that controls what they can see and do. An administrator sets a user's role on the Users screen. From least to most access:

Viewer → Editor → Admin → Super-User

Access is enforced on the server

What you can do is checked on the server for every action. Changing what appears in your browser never grants extra access.

At a glance

CapabilityViewerEditorAdminSuper-User
View fleet dashboard & device status
View & reply to support tickets
Control relays (turn on / off)
Add / edit / remove devices
Allocate devices to organizations
Apply a config preset to devices
Create / edit / delete config presets
OTA firmware updates
Rotate device certificates
Manage users (create, set roles)1
Manage organizations
Edit warranty ship-date
Grant Super-User / delete an organization
Cross-organization visibilityscoped 2✅ (all)

1 Admins can manage users up to Admin level; they cannot grant Super-User or change a user ranked above them. 2 Admins act within the organization(s) they are scoped to; Super-Users see the whole platform.

The roles in detail

Viewer

Read-only. Can sign in, see the fleet dashboard and device status, and view and reply to support tickets. A Viewer cannot control relays or change any settings.

Today a Viewer sees the Fleet Dashboard and Support Tickets.

Editor

Everything a Viewer can do, plus day-to-day device control — turning relays on and off. An Editor cannot add, edit, or remove devices and has no access to the admin tools.

Admin

Full operational management within their organization scope:

  • Manage users and organizations
  • Add, edit, and remove devices
  • Allocate stock to organizations
  • Apply config presets, run OTA firmware updates, rotate certificates
  • Use Fleet Management (bulk operations)

Admins view and apply config presets but do not create or edit the presets themselves — that is reserved for Super-Users.

Super-User

Platform-wide access to everything, across all organizations — including the actions reserved from Admins:

  • Create, edit, and delete config presets
  • Edit warranty ship-dates
  • Grant Super-User and delete organizations
  • Full cross-organization visibility

Partner (integration) organizations

Partner access is set at the organization level, not as a user role. When an organization is marked as a partner, its users get time-limited, test-only access — allocate a unit, apply an allowed preset, toggle relays, read status, and OTA-upgrade — scoped to the organizations and presets the platform team permits.

This replaced the earlier per-user "integrator" role. To give someone partner access, mark their organization as a partner rather than changing the individual user's role.