Updates to User roles & Permissions in the Ardexa Cloud
We are updating how users & tokens are granted access to the Ardexa cloud. To date, users have been given a role, which enables them to perform a standard set of actions against the Ardexa cloud. Today is the start of a migration to a permissions-based system, where users can be individually granted specific permissions.
The addition of powerful new features to the Ardexa cloud, such as the tunnel, has necessitated a more granular approach to granting access to the platform. Using roles can encourage owners to grant too much access. For instance, a user purely managing user accounts on the Ardexa cloud may not want the ability to use the tunnel. On the other hand, API tokens use a set of scopes that are too fine-grained. Permissions are a middle ground between the simplicity of roles and the fine control of scopes.
What permissions are available?
- Read: general, read-only access to the Ardexa Cloud
- Manage Devices: ability to create, update, delete & move devices
- Coordinate: manage shared searches & dashboards, configure reports.
- Control Devices: configure & upgrade devices; Change network settings, Transfer files & issue commands to devices.
- Discovery: use device discovery commands.
- Tunnel: use the Ardexa tunnel
- Manage access: invite, remove & grant permissions to other users. Manage API tokens & consumers.
What do I need to do?
If you are a workgroup owner, you will need to assign permissions to each of your existing users on the users page. Doing this will ensure that they maintain their access to the cloud when we remove role-based access in the near future. If the existing set of permissions don’t quite meet your needs, contact your account manager or Ardexa support to discuss.
If you are a regular user of the platform, your access will remain unchanged until an owner in your workgroup(s) assigns a new set of permissions to you. When they do, check that you still have access to the features you require.
Existing API tokens will continue to operate as normal until their expiration date. New API tokens will be issued with permissions rather than individual scopes.