Everyware Cloud employs a centralized Role-Based Access Control (RBAC) security model where each account may have multiple users and each user may be granted a different set of permissions. Permissions can be grouped under a role and roles can be assigned to users. When a users connects to the Everyware Cloud, its role and permissions will determine the set of functionality available.
When configuring the access control of a new user, Eurotech recommends to follow the security principle of the least privilege by granting only the minimum set of permissions required by users to perform their functionality. For example, when creating a new user for devices to connect to the Everyware Cloud, the "broker:connect" permissions is sufficient. In another example, an IT application which integrates the data collected in the Everyware Cloud to other Enterprise applications through the REST APIs may only need data:view and data:manage permissions.
Permissions can be grouped under a role and roles can be assigned to users. To review the roles assigned to a user, enter the Users section in the Everyware Cloud Console, select the target user and open the Roles tab.
Click on the Add button to assign a role to a user.
To remove the assignment of a role to a user, enter the Users section in the Everyware Cloud Console and select the target user. Then, select the role you want to revoke and click the Delete button.
Account administrators can manage role definitions by entering the Roles section in the Everyware Cloud Console, select the target user and open the Roles tab.
Account administrators can create new role definitions by grouping a set of permission. In the Roles section of the Everyware Cloud Console, click on the Add button. Enter the name of the new Role and create it.
Select the newly created role and navigate to the Permissions tab to add and remove permission to the role.
Account administrators can edit existing role definitions. The role name can be updated by using the role edit dialog. From the Permission tab, the role definition can be changed by adding and removing permissions to the role.
Account administrators can delete an existing role definition. In the Roles section of the Everyware Cloud Console, select the role to be deleted and click on the Delete button.
Updated about 2 years ago