How to define specific user roles?

I want to define specific user roles.

As seen in the picture, “*” is written in the type section, which means “all types”.

Is there a list of types I can write in type section and where can I find it?

Documentation has this…

But c8y is very flexible e.g. you can create ameasurement of whatever type you wish, so there is no definitive list.

1 Like

I recommend this doccumentation
" Add a permission to the role by clicking the plus icon next to the desired category.

In the Type field, specify a type to further restrict the type of data that this permission applies to. Access will be only granted to objects that contain the specified Type.

For example, assume that your device sends measurements related to device management, such as “c8y_SignalStrength”, and actual production measurements. You want a user to only see the device management measurements. In this case, enter “c8y_SignalStrength” as type. …"

1 Like

@y2071 @Robert_Neale

I want to grant an authorization that the user can only create subgroups (no other permissions).

For example, I want to write a property/function type as in the example below.

When we write " * " in type area, all functions (add widget, add dashboard, add sub group) are authorized. it means that if we write a specific function name instead of " * ", we will only allow adding a new group, such as “add group”, and it will not be authorized to other functions.

What is the type of function to add a new group?

Haven’t tested this, but by adding a new group to your tenant and investigating it in the network dev tools, you notice that the fragment type (not the type) of a group is c8y_IsDeviceGroup and it is stored in the inventory:

So I guess you need to set in Inventory * to read and c8y_IsDeviceGroup to create.

1 Like

“Inventory roles contain permissions that you can assign to groups of devices.”

Inventory roles relate to devices. I don’t think you can use them to manipulate groups themselves.

1 Like

true, tried it on groups and it didn’t work. Guess this is not possible as this only works for devices.

1 Like

yes, unfortunately, it does not seem possible to give or restrict authorization for functions (add group etc.) in this way. I solved it by making some updates in the source code part.

Thank you all for the replies.