ClearBlade IoT Core

Manage Service Accounts in a project (Enterprise)

The following steps are needed to grant/revoke permissions for creating/updating/deleting device registries to service accounts:

To Add/Edit/Delete Service Accounts

  1. Open the project selector window (drop-down at the top of the page).

    image-20240126-202718.png
  2. Click the edit icon ( image-20240429-185348.png ) to update the project area settings.

  3. Select the second tab, PRINCIPAL MANAGEMENT.

    image-20250814-182433.png
  4. Click ADD and select Service Account:

    image-20250814-182745.png

Provide the Name, Description, select Roles, and click CREATE.


To edit a Service Account, click the Edit icon (Pencil) to the right.
To download a Service Account credentials click the Download icon to the right.
To delete a Service account, select the checkbox (left), click Remove (top-right) then confirm by clicking REMOVE in the modal:

image-20250814-185813.png


Roles

The following table describes the permissions of roles that can be assigned to Users and Service Accounts.

Role Name

Id

Permissions

Levels Assignable

Cloud IoT Viewer

roles/cloudiot.viewer

  • cloudiot.registries.get

  • cloudiot.registries.list

  • cloudiot.devices.get

  • cloudiot.devices.list

Project level, Registry level

Cloud IoT Device Controller

roles/cloudiot.deviceController

  • all permissions from Cloud IoT Viewer

  • cloudiot.devices.updateConfig

  • cloudiot.devices.sendCommand

Project level, Registry level

Cloud IoT Provisioner

roles/cloudiot.provisioner

  • all permissions from Cloud IoT Device Controller

  • cloudiot.devices.create

  • cloudiot.devices.delete

  • cloudiot.devices.update

Project level, Registry level

Cloud IoT Editor

roles/cloudiot.editor

  • all permissions from Cloud IoT Provisioner

  • cloudiot.registries.create

  • cloudiot.registries.delete

  • cloudiot.registries.update

  • cloudiot.registries.migrate

Project level, Registry level

Cloud IoT Admin

roles/cloudiot.admin

  • all permissions from Cloud IoT Editor

  • cloudiot.registries.getIamPolicy

  • cloudiot.registries.setIamPolicy

  • cloudiot.projects.update

  • cloudiot.projects.delete

  • cloudiot.projects.updateUsers

  • cloudiot.projects.updateServiceAccounts

  • cloudiot.projects.listPrincipals

  • cloudiot.projects.deleteServiceAccounts

  • cloudiot.projects.createServiceAccounts

Project level

Cloud IoT Project Admin

roles/project.admin

  • all permissions from Cloud IoT Admin

Project level (or higher perhaps if that concept gets created)