Roles & Permissions
Navigate to System > Roles to manage access control. The page uses a split layout — roles listed on the left, details on the right.
Access Levels
Every user falls into one of three access levels:
Built-In Entries
Two entries always appear in the role list and cannot be deleted:
- Superusers — lists all users with superuser privileges. Superuser status is set at the account level, not through role assignment.
- View Only — lists all users who have no role assigned. This is the default access level.
Creating a Role
- Click Create Role
- Enter a Role Name
- Optionally select Base Permissions to copy permissions from an existing role
- Click Create Role
The new role starts with no users. Add users and configure permissions from the role detail panel.
Role Detail
Select a role from the list to view its details. The detail panel has two tabs.
Users Tab
Shows all users assigned to this role. From here you can:
- Add users — click Add User and select from a multi-select dropdown. Users already in another role will be moved to this one (a warning is shown).
- Remove users — click the remove button on a user row. The user moves to View Only.
Permissions Tab
Permissions are organized by category (Devices, Tags, Models, Bindings, System, etc.). Each category is an expandable section showing toggle switches for individual permissions.
A badge on each category header shows the count of enabled permissions (e.g., "3/4").
Toggle the switches to grant or revoke permissions, then click Save Changes. All users in the role immediately receive the updated permissions.
Managing Roles
Editing a Role
Click the edit button in the role detail header to rename the role.
Duplicating a Role
Open the role's menu (three-dot icon) and select Duplicate Role. A new role is created with the same permissions and a name like "Original Name (Copy)".
Deleting a Role
Open the role's menu and select Delete Role. A confirmation dialog shows how many users will be moved to View Only. Built-in entries (Superusers, View Only) cannot be deleted.
Permission Categories
Permissions are grouped by domain and entity type:
Data Collection
AI & Automation
Visualization
System
API Access
Each permission controls a specific action. For example, a user with "Can change device" can edit device settings, but cannot delete devices unless they also have "Can delete device".
Typical Workflow
- Create roles for your team — e.g., "Operator" (view + limited control), "Engineer" (full device/tag/model access), "Admin" (everything)
- Configure permissions on each role using the toggle switches
- Create user accounts and assign each user to the appropriate role
- Adjust as needed — add or remove permissions from roles, move users between roles
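The membership rules described above (one role per user, a move when a user is added to another role, fallback to View Only on removal or role deletion) can be modeled for an access review. The following is an added example, not product code: the snapshot layout, function names and sample users are assumptions, and it assumes a superuser is reported under Superusers only.

```python
BUILT_IN = ("Superusers", "View Only")  # built-in entries named on this page

def sample():
    # Constructed sample data; this layout is an assumption, not a product export.
    return {
        "roles": {
            "Operator": {"Can view device", "Can change device"},
            "Engineer": {"Can view device", "Can change device", "Can delete device"},
        },
        "users": {
            "alice": {"role": "Engineer", "superuser": False},
            "bob": {"role": "Operator", "superuser": False},
            "carol": {"role": None, "superuser": False},
            "dave": {"role": None, "superuser": True},
        },
    }

def assign(state, user, role):
    """Put user in role; return the role they were moved out of, or None."""
    if role not in state["roles"]:
        raise ValueError(f"unknown role: {role}")
    previous = state["users"][user]["role"]
    state["users"][user]["role"] = role
    return previous if previous != role else None  # non-None means "warn: user moved"

def delete_role(state, role):
    """Delete a role; return the users who fall back to View Only."""
    if role in BUILT_IN:
        raise ValueError(f"{role} is built in and cannot be deleted")
    del state["roles"][role]
    moved = sorted(u for u, a in state["users"].items() if a["role"] == role)
    for u in moved:
        state["users"][u]["role"] = None  # no role assigned means View Only
    return moved

def review(state):
    """List accounts outside role control and accounts holding delete permissions."""
    users, roles = state["users"], state["roles"]
    def deletes(a):
        return a["role"] and any(p.startswith("Can delete") for p in roles[a["role"]])
    return {
        "superusers": sorted(u for u, a in users.items() if a["superuser"]),
        # Assumption: superusers are not also counted as View Only.
        "view_only": sorted(u for u, a in users.items()
                            if a["role"] is None and not a["superuser"]),
        "can_delete": sorted(u for u, a in users.items() if deletes(a)),
    }
```

Running `review` before and after a planned `delete_role` shows which users would drop to View Only and which accounts still sit outside role control.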
What's Next
- Users — create accounts and assign roles
