User Roles and Permissions
Introduction
In every project on the Renesas IoT Sandbox platform, there are six different types of users. The first three roles (API Basic User, API Registration User, API Business User) have permissions that allow them to access various parts of the API. The other three roles (Web Limited, Web Standard, Web Administrator) allow the user access to various parts of the web pages on the Renesas IoT Sandbox web portal. Below, you can find more information on each type of user.
API Users
API Users are users that have access to Renesas IoT Sandbox’s platform through API endpoints. There are three different types of API Users:
- API Basic User
- API Registration User
- API Business User
Note: API Users for each project are independent i.e. If you change password for API user on one project, it doesn’t change for any other project.
A summary of their permissions is described in the table below:
API Basic User
This role can create/retrieve/update/delete event data, retrieve/update their own user information, and fetch processed events. They cannot log in to the Renesas IoT Sandbox web portal.
There are three ways to create an API Basic User:
- Through the UI
- Go to Setup > Manage Users on the navigation sidebar. Here, you can find a list of all your API Basic Users.
- On the Setup → Manage Users page, click Add New User and fill out the username and password info then save.
- After creating a new user, you should now see it appear on the Manage Users page. You may have to refresh to see this change.
- Using CURL command (for Mac)
- First, you need to login, then you can create the user. Remember to replace the parameters (values in all CAPS) with your credentials.
- Login (with your API Business User credentials):
curl -c cookie_user.txt -i -X POST -d '{"login_id":"API_BUSINESS_LOGIN","password":"API_BUSINESS_PASSWORD","api_key":"APIKEY"}' https://api-renesas-na-sandbox.mediumone.com/v2/login/ --header "Content-Type: application/json"
- Create API Basic User:
curl -b cookie_user.txt -i -X POST -d '{"login_id":"API_BASIC_USERNAME","password":"API_BASIC_PASSWORD"}' https://api-renesas-na-sandbox.mediumone.com/v2/users/ --header "Content-Type: application/json"
- Through the API Explorer
- See the API Explorer Documentation on how to do this.
Creation, updates and deletion of API Basic Users are done exclusively through the Renesas IoT Sandbox API by an API Business User. In addition, API Registration Users can create API Basic Users, but not update or delete.
API Basic Users can also be disabled or enabled. By default, all API Basic Users are enabled once created. If they are disabled, they cannot send any event data nor can any data be sent on their behalf.
To disable an API Basic User:
curl -b cookie_user.txt -i -X PATCH -d '{"disabled":true}' https://api-renesas-na-sandbox.mediumone.com/v2/users/johndoe --header "Content-Type: application/json"
Users that can disable an API Basic User:
- Themselves
- API Registration Users
- API Basic Users
Users that can enable an API Basic User:
- API Registration Users
- API Basic Users
API Registration User
This role can only create API Basic Users. This role is intended for environments such as self-registering a new user from a mobile application.
Creation, updates and deletion of API Registration Users are done through the Manage Administrators web page.
API Business User
This role is a trusted account that can access all API Basic Users’ data and is intended for cloud to cloud integration.
Creation, update and deletion of API Business Users are done through the Manage Administrators web page.
Web Users
Web Users are users that have access to log in to Renesas IoT Sandbox’s web portal. There are three different types of Web Users:
- Web Limited User
- Web Standard User
- Web Administrator
Note:
- Web Users’ usernames must be email addresses. This is where they will receive their temporary login password.
- Web Users can be a part of multiple projects
A summary of their permissions is described in the table below:
Web Limited User
Web Limited User has access to the following areas of Renesas IoT Sandbox’s web portal:
- Dashboard
- Data Viewer
- Account Info
This user is typically used to share a project’s data with someone that would not need to edit view and edit workflows or change permissions for other users.
Web Standard User
Web Standard User has access to the following areas of Renesas IoT Sandbox’s web platform:
- All Web Limited User areas
- Workflow Studio
- Config
This user has access to all of Renesas IoT Sandbox’s web portal with the exception of the ability to manage other users.
Web Administrator
The Web Administrator User has access to the following areas of Renesas IoT Sandbox’s web platform:
- All Web Standard User areas
- Manage Admin/Users
- API Explorer
The user has access to all areas of Renesas IoT Sandbox’s web portal, including managing other web users and our API Explorer. This user can create any other user except a API Basic User (which are created through APIs).