Managing privileges
The privileges a user has determine which resources the user can access/modify and which parts of the frontend are accessible. Privileges can be configured on user groups , so the privileges of a user depend on the groups they are a member of.
Available privileges
Almost every endpoint that requires authentication also needs the user to have a certain privilege to authorize them to access or modify a resource. Below is a general overview of what you can access/modify with which privileges.
All privileges group certain aspects of Factry Historian together and are split into a READ
and MANAGE
privilege.
Measurements
- View/manage measurements and calculations
- Query time series data of the measurement
- View measurement logs
- View/manage measurement labels
- Export measurement data to parquet
It’s recommended to at a minimum also include read privileges for time series databases and collectors, otherwise the frontend might not work as expected.
Collectors
- View/manage collectors
- View collector logs
Time series databases
- View/manage time series databases
- View available time series database types
External databases
- View/manage external databases
Assets
- View/manage assets
- View/manage asset properties
It’s recommended to at a minimum also include read privileges for event configurations, otherwise the frontend might not work as expected.
Events
- View/manage events
- View/manage manual entries
Event configurations
- View/manage event types
- View/manage event type properties
- View/manage event configurations
- View/manage event property configurations
Organizations
- View/manage organizations
Users
- View/manage users
- View/manage user and service tokens
User groups
- View/manage user groups
- View/manage user group privileges
- View/manage user group membership
- View/manage authentication provider to user group mapping
Privileges
- View/manage available privileges
Audit logs
- View audit logs
Audit logs can not be managed via the frontend nor via the API.
Logs
- View application logs
Logs can not be managed via the frontend.
Settings
- View/manage authentication providers
- View/manage settings
- View/manage worker pools/tasks
Sinks
- View/manage sinks
- View/manage forwarders
Task schedulers
- View/manage task schedulers
Authentication providers and server wide settings can only be managed if you have the MANAGE_SETTINGS
privilege in the
root organization
.
Pre-defined sets of privileges
These pre-defined sets of privileges are used when creating the default groups for an organization.
Administrator
- Read and manage measurements
- Read and manage collectors
- Read and manage time series databases
- Read and manage assets
- Read and manage events
- Read and manage event configurations
- Read users
- Read and manage user groups
- Read and manage privileges
- Read audit logs
- Read and manage settings
- Read and manage external databases
- Read and manage sinks/forwarders
- Read and manage task schedulers
Manager
- Read and manage measurements
- Read and manage collectors
- Read and manage time series databases
- Read and manage assets
- Read and manage events
- Read and manage event configurations
- Read and manage external databases
- Read and manage sinks/forwarders
- Read and manage task schedulers
Collector
- Read and manage measurements
- Read and manage collectors