Permission Levels
A permission level defines if access to some resource is allowed. It works like this: if the permission level of a user requesting access includes the permission level of the requested resource, access is granted. Otherwise, it is denied.
Iotellect Server operates with the following permission levels:
Permission Level | Includes | Comments |
None | None | No permissions assigned. This permission level is assigned to any user who tries to access the system without a prior login. Very few operations may be executed with this permission level, such as the login operation, registration of new user account (if the Enable users self-registration global configuration option is enabled) etc. |
Observer | None, Observer | The minimal permission level possible. Basically, this level allows to view most information, but no data modification is possible. It can be also useful to give someone "demo" permissions to view certain objects. Observers may view device settings and events, but cannot configure devices and execute operations provided by hardware. |
Operator | None, Observer, Operator | This is the permission level most everyday users should have. It allows viewing most non-system data and performing some basic data modification operations. Operators may configure hardware devices and execute device-provided operations, but cannot create/delete devices or edit device communication and data processing settings. |
Manager | None, Observer, Operator, Manager | This permission level allows all data browsing and editing activities like managing hardware devices, editing reports templates, creating and managing alerts, etc. |
Engineer | None, Observer, Operator, Manager, Engineer | The level that allows all operations with non-system data, including potentially dangerous operations, like running scripts. This permission levels should be assigned to system engineers. |
Administrator | None, Observer, Operator, Manager, Engineer, Administrator | This permission level allows the execution of administrative actions: make changes to Iotellect Server global configuration, stop/restart the server, manage user accounts, etc. Basically, if a user has Administrator permission level within a context, they can do everything with this context. |
If you wish to check what permission level is required to access a particular context, variable, function, event or action, please see Context Reference.
 | It may seem counter-intuitive that Events have permission levels. After all, an event just happens, whether you like it or not. A Device disconnects from the system -- that's an event. It's a fact of life, you might say. But you can select whether you want someone to be able to view the event or monitor it -- and this is what event permissions do. They let you determine who may see the event in the Event Log, create Alerts for this event, etc. |
 | Advanced information: To understand what we mean when we say a permission includes another permission, you're going to have to think about permissions as binary bitmasks. If you're not sure what a bitmask is, please see http://en.wikipedia.org/wiki/Bitmask. A permission level is internally expressed as a bitmask. For example, the internal bitmask for None is 00000000, while for Observer it is 00000001, and for Administrator is 00011111. So, as you see, the Administrator mask (it's a mask - not just a number) includes the Observer and None masks, because it has a 1 in every position where the other masks have 1. This method is used because it is more versatile and powerful than just a numeric scale (i.e, None is 0, Observer is 1, etc). |
Example 1
If the permission level of a user requesting access to a certain resource is Manager and the required permission level for the resource is Admin, access will be denied because Manager level does not include Admin.
Example 2
If the permission level of a user requesting access to a certain resource is Manager and required the permission level for the resource is Manager, access will be granted because Manager level includes Manager.
Was this page helpful?