ClearBlade uses a rolls-based permissions model. Roles are created and permissions are assigned to them. Those permissions correspond to operations on various resources.
Note that users may have multiple roles. So, if a user has a role that has certain permissions and has another role that doesn’t, the user will have the permissions, even though one of their roles doesn’t specify them.
Roles can be managed from many different places in the console, but we will focus here on the roles management process under the “Auth” tab.
Each row corresponds to a role in the system. Each system has three pre-defined roles: Authenticated, Anonymous, and Administrator. When you click on “Edit” within a cell in the table, the action is determined by the column in which the cell is contained as follows:
- Collections: You can select a specific collection and set create, read, update, and/or delete permissions for that role on that collection.
- Services: You can select a specific service and specify whether the role has execute permission.
- Users: Here you specify what permissions (CRUD) the role has on the entire users table.
- Message History: Here you specify the CRUD permissions the role has on the message history.
- Push: This specifies whether or not the role can use the push messaging system.
Underlying all Authority in a ClearBlade IoT Solution are Roles. Roles define what capability users and devices will have. To manage roles from the Developer Console select your System and the select Roles from the menu. On the roles page a list of existing roles are displayed. In clearblade systems can grant anonymous access which will automatically apply the anonymous role, users and devices when created are by default given the Authenticated Role and the Administrator role exists for accelerated authorities you may wish to grant. To add a new role click the Add Role button. In the dialog that opens provide a name and description the role and its intent. Click Create Role to complete the creation process
Each role has a unique set of privileges to the assets in a system. View a roles permissions by clicking on the name of the role. The top section provides granular control of indivdiual permission to individual permissions for Collections, services, and portals. Click on the label Collections to open its details. Review the existing permissions and check or uncheck fields to alter the role. Click the Collections label once more to compress the details. Click Save and exit to finalize your changes.
Roles have the ability to grant wide permissions to across your entire system. From the specific page these roles scroll to the bottom to see the various global setting. To grant a role acesss new users, check the read permission. To let a device get message history provide the read permission, to allow a user to update an existing trigger check the update permission. Click Save and Exit to finalize your changes. Roles on assets may also be changed from the the asset pages directly under their settings option
Assign to User
After roles have been created and defined they must be assigned to users and devices. To assign a user to a role click the users menu option to view the user page. Next to a user find the settings icon and choose Edit Roles. In the dialog choose the role and click Add Role. Click update roles to apply the change. Remember ClearBlade uses the most permissive sum of all permissions when granting capability.
Assign to Devices
Devices are granted roles to control what access indivdual machines and sensors are capable of doing in your IoT solution. To assign a device a role, select the devices label from the menu. In the device table find a device and select the setting option. In the dropdown choose edit roles. In the dialog select the desired role and click Add Role. Finish updating by clicking Update Roles.