User Roles

The Unwired Edge Cloud Console has a role-based access control system. This means that users can be assigned different roles that grant them multiple different permissions to access and execute certain actions in the console and in the API.

Roles are always assigned to a user and a customer (tenant). This means that a user can have different roles in different customers. The roles are predefined and cannot be changed or extended.

In the following section we explain the most important roles and their permissions. The role selection also allows roles that are specifically designed for API keys. These roles are most likely not relevant for the console.

Roles

General

  • All roles can create or manage API keys that are equally or less powerful than the role itself.

  • All roles can access the API and the developer playground.

    • So all permissions of the roles are also applicable to the API.

  • All roles can log in to the Unwired Edge Cloud Console.

  • Every user is allowed to create new customers (tenants) and assign roles to other users.

    • The creator will obtain the role Customer Admin in the new customer.

  • Every user can edit their own profile and change their password.

  • Users cannot change the password or other settings of another user, as they are not necessarily scoped to one customer. Users are managed on a global level.

Portal Reader

This role is designed for users who need to view and analyze the captive portal data.

  • View portal editor (CMS) and portal assignments.

  • View feed status and logs.

  • View analytics of the captive portal.

  • Export CSV reports of lead collections (email addresses).

  • Export CSV reports of group and device WiFi data.

  • Copy Portals to other customers if you have Portal Editor permissions on the target customer.

  • Create and manage API keys with Portal Reader permissions.

Example users: Marketing, Sales, IT departments.

Portal Editor

This role is designed for users who need to create and manage portals and their content. The Portal Editor role can make changes in the portal editor (CMS)

  • All permissions of the Portal Reader role.

  • Create, update, and delete portals and their corresponding pages and widgets.

  • Upload assets like images and videos for the portal.

  • Share portals with other customers.

  • Create and manage API keys with Portal Editor permissions.

Example users: Agenencies, Marketing, IT departments.

Device Reader

The Device Reader role can read all information about devices, groups, and configurations. This role can view all devices, groups, and configurations, but cannot change or delete them.

  • View devices, groups, and configurations.

  • View Telemetry data of devices.

  • View data in the Metrics API.

  • Export CSV reports of group and device WiFI data.

  • View MTSG License information.

  • Download connection configurations for devices (OpenVPN, CloudLink)

Example users: Employees in workshop, external workers, train manufacturers.

Device Editor

The Device Editor role can manage devices, groups, and configurations. This role can create, update, and delete devices, groups, and configurations. It can also manage the device configuration and firmware updates.

  • All permissions of the Device Reader role.

  • Create, update, and delete devices, groups, and configurations.

  • Upload and manage container images for devices.

Example users: System administrators, network technicians, IT departments.

Customer Admin

The Customer Admin role is the most powerful role in the Unwired Edge Cloud Console. It has full access to all features and settings of the console. This role can manage all users, devices, groups, and configurations, it includes all other user roles.

  • All permissions of the Portal Editor role.

  • All permissions of the Device Editor role.

  • Buy and manage MTSG licenses.

  • Manage roles and permissions of other users in the customer.

    • Includes inviting new users to the customer.

  • Manage the customer settings.

Usual: Project managers, system administrators, integrators.

3rd Party Device Provisioning (API Key)

This role is designed for API keys that are used for device provisioning and retrieving the device configuration with the MTSG API, e.g. with the EXTERNAL-MTSG device type. Please see APIs for 3rd party devices for more information.

  • Download connection configurations for devices (OpenVPN, CloudLink)

  • Create, update, and delete devices via the MTSG API.

  • Assign MTSG License to devices.