Skip to main content
Skip table of contents

Manage Users in a project (Enterprise)

A new user is registered after activating the ClearBlade IoT Core offering from the Google Cloud Marketplace. That user has permission to connect Google Cloud projects and migrate or create new device registries.

The following steps are needed to grant / revoke permissions for creating/updating/deleting device registries to registered users and service accounts:

To Add/Edit/Delete Users

  1. Open the project selector window (drop-down at the top of the page).

    image-20240126-202718.png

  2. Click the edit icon (image-20240429-185348.png) to update the project area settings.

  3. Select the second tab, PRINCIPAL MANAGEMENT.

    image-20250814-182433.png

  4. Click ADD and select User:

    image-20250814-182745.png

    1. Provide the User email, select Roles, and click CREATE.

      image-20250814-183030.png

      The user must be one already registered in ClearBlade IoT Core.


To edit a User, click the edit icon (image-20240429-185348.png) to the right.
To delete a User, select the checkbox (left), click Remove (top-right) then confirm by clicking REMOVE in the modal:

image-20250814-185813.png


Roles

The following table describes the permissions of roles that can be assigned to Users and Service Accounts.

Role Name

Id

Permissions

Levels Assignable

Cloud IoT Viewer

roles/cloudiot.viewer

  • cloudiot.registries.get

  • cloudiot.registries.list

  • cloudiot.devices.get

  • cloudiot.devices.list

Project level, Registry level

Cloud IoT Device Controller

roles/cloudiot.deviceController

  • all permissions from Cloud IoT Viewer

  • cloudiot.devices.updateConfig

  • cloudiot.devices.sendCommand

Project level, Registry level

Cloud IoT Provisioner

roles/cloudiot.provisioner

  • all permissions from Cloud IoT Device Controller

  • cloudiot.devices.create

  • cloudiot.devices.delete

  • cloudiot.devices.update

Project level, Registry level

Cloud IoT Editor

roles/cloudiot.editor

  • all permissions from Cloud IoT Provisioner

  • cloudiot.registries.create

  • cloudiot.registries.delete

  • cloudiot.registries.update

  • cloudiot.registries.migrate

Project level, Registry level

Cloud IoT Admin

roles/cloudiot.admin

  • all permissions from Cloud IoT Editor

  • cloudiot.registries.getIamPolicy

  • cloudiot.registries.setIamPolicy

  • cloudiot.projects.update

  • cloudiot.projects.delete

  • cloudiot.projects.updateUsers

  • cloudiot.projects.updateServiceAccounts

  • cloudiot.projects.listPrincipals

  • cloudiot.projects.deleteServiceAccounts

  • cloudiot.projects.createServiceAccounts

Project level

Cloud IoT Project Admin

roles/project.admin

  • all permissions from Cloud IoT Admin

Project level (or higher perhaps if that concept gets created)

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close