How can we add User roles and permissions?

We need custom user roles and permissions. How can we add them? We also need a little help with sending insight data from an outside service. Can anyone help me with it?

After login there are three dots in the right-side corner; click on them and choose user. You can send data through MQTT.

Hi @binayak87 and welcome to the forum
When you create a user you can flag him as a “restricted user”
Restricted users can only read/write on the assets linked to them, so for example you can create a RestrictedUser01 and link him to asset01, then he’ll see only asset01.
Also remember that you need to flag the single attributes inside the asset, with the configuration item “access restricted read” and “access restricted write”. So for example if asset01 has attribute1, attribute2 and attribute3, and you set it like this:

attribute1: nothing
attribute2: “access restricted read”
attribute3: “access restricted write”, “access restricted read”

he won’t see attribute1, he will read but won’t write on attribute2 and do everything on attribute3

Better explanation at the link below

Actually I want something like write:blob and read:blob permissions to be set, not a restricted-user-like permission.

I’m sorry, I’m not understanding what you mean.
Can you try to explain in detail what permissions you need to assign?

It’s view:image and write:image like permission.

Hi @pcr,

I do not see any assets for a restricted user. I do not see them in the asset list and not on the map. Thank you for your explanation anyhow. I did the following:

  • I created a separate user in a custom realm
  • I gave the user the role “Restricted user”
  • I linked a couple of assets to that user.
  • I configured in the linked assets a couple of attributes with configuration items “Access Restricted Read” and “Access Public Read”
  • I logged in as the newly created user.
  • I did not see any assets or attributes at all.

Is there something I did wrong in the configuration?

Noticeable fact: the POST call returned status code 403 or Forbidden.

I use openremote hash 3a636911b



Hi Peter

You will need to check the “read:asset” check box in his roles as well, and every attribute that you want him to have access to will need a “restricted user” meta attribute set to true.
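The prerequisites named in the replies above (the role check box, the asset link, and the per-attribute configuration items) combined into a small Python model. This is an added example, not OpenRemote code and not part of any post; the classes, functions and sample data are constructed for illustration, and the flags are treated as independent.

```python
# Model of the restricted-user rules as described in this thread.
# Not OpenRemote code: classes, functions and sample data are constructed.
from dataclasses import dataclass, field

READ_ROLE = "read:asset"                 # role name as written in the thread
READ_FLAG = "access restricted read"     # configuration items named in the thread
WRITE_FLAG = "access restricted write"

@dataclass
class Asset:
    name: str
    attributes: dict                     # attribute name -> set of configuration items

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    linked_assets: set = field(default_factory=set)

def missing_prerequisites(user, asset):
    """Reasons a restricted user would see nothing at all on this asset."""
    reasons = []
    if READ_ROLE not in user.roles:
        reasons.append(f"role '{READ_ROLE}' not checked")
    if asset.name not in user.linked_assets:
        reasons.append(f"user not linked to {asset.name}")
    if not any(READ_FLAG in flags for flags in asset.attributes.values()):
        reasons.append(f"no attribute carries '{READ_FLAG}'")
    return reasons

def effective_access(user, asset):
    """Map each reachable attribute to 'r', 'w' or 'rw'; hidden ones are omitted."""
    if missing_prerequisites(user, asset):
        return {}
    access = {}
    for attr, flags in asset.attributes.items():
        mode = ("r" if READ_FLAG in flags else "") + ("w" if WRITE_FLAG in flags else "")
        if mode:
            access[attr] = mode
    return access

# Constructed sample: the asset01 layout from the reply above.
asset01 = Asset("asset01", {
    "attribute1": set(),
    "attribute2": {READ_FLAG},
    "attribute3": {READ_FLAG, WRITE_FLAG},
})
user = User("RestrictedUser01", linked_assets={"asset01"})  # role not yet checked
print(missing_prerequisites(user, asset01))
user.roles.add(READ_ROLE)
print(effective_access(user, asset01))
```
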


Thank you for your reply. It works.

I was confused by the description Manager roles. They are Roles and not specific to the manager permissions especially.

I think the naming is probably confusing. In the list with roles, only Read and Write permissions for admin are there as an example.

The Roles represent personas or types of users in the system. Now we have only the Read and Write. They are generalisations of permissions; they are not personas. Examples of personas are: Admin, Account Manager, Client

Anyhow, thank you for your help. I tried to explain why and how I made the mistake. Somebody can learn from it how these graphical user interfaces are perceived by a new system user.