Managing privileges

The privileges a user has determine which resources the user can access/modify and which parts of the frontend are accessible. Privileges can be configured on user groups , so the privileges of a user depend on the groups they are a member of.

Available privileges

Almost every endpoint that requires authentication also needs the user to have a certain privilege to authorize them to access or modify a resource. Below is a general overview of what you can access/modify with which privileges.

All privileges group certain aspects of Factry Historian together and are split into a READ and MANAGE privilege.

Measurements

  • View/manage measurements and calculations
  • Query time series data of the measurement
  • View measurement logs
  • View/manage measurement labels
  • Export measurement data to parquet

It’s recommended to at a minimum also include read privileges for time series databases and collectors, otherwise the frontend might not work as expected.

Collectors

  • View/manage collectors
  • View collector logs

Time series databases

  • View/manage time series databases
  • View available time series database types

External databases

  • View/manage external databases

Assets

  • View/manage assets
  • View/manage asset properties

It’s recommended to at a minimum also include read privileges for event configurations, otherwise the frontend might not work as expected.

Events

  • View/manage events
  • View/manage manual entries

Event configurations

  • View/manage event types
  • View/manage event type properties
  • View/manage event configurations
  • View/manage event property configurations

Organizations

  • View/manage organizations

Users

  • View/manage users
  • View/manage user and service tokens

User groups

  • View/manage user groups
  • View/manage user group privileges
  • View/manage user group membership
  • View/manage authentication provider to user group mapping

Privileges

  • View/manage available privileges

Audit logs

  • View audit logs

Audit logs can not be managed via the frontend nor via the API.

Logs

  • View application logs

Logs can not be managed via the frontend.

Settings

  • View/manage authentication providers
  • View/manage settings
  • View/manage worker pools/tasks

Sinks

  • View/manage sinks
  • View/manage forwarders

Task schedulers

  • View/manage task schedulers

Authentication providers and server wide settings can only be managed if you have the MANAGE_SETTINGS privilege in the root organization .

Pre-defined sets of privileges

These pre-defined sets of privileges are used when creating the default groups for an organization.

Administrator

  • Read and manage measurements
  • Read and manage collectors
  • Read and manage time series databases
  • Read and manage assets
  • Read and manage events
  • Read and manage event configurations
  • Read users
  • Read and manage user groups
  • Read and manage privileges
  • Read audit logs
  • Read and manage settings
  • Read and manage external databases
  • Read and manage sinks/forwarders
  • Read and manage task schedulers

Manager

  • Read and manage measurements
  • Read and manage collectors
  • Read and manage time series databases
  • Read and manage assets
  • Read and manage events
  • Read and manage event configurations
  • Read and manage external databases
  • Read and manage sinks/forwarders
  • Read and manage task schedulers

Collector

  • Read and manage measurements
  • Read and manage collectors