Team access controls
Particle offers functionality to help you manage levels of access for your team members. This is helpful when overseeing a team of people who should have varying permissions with respect to Particle devices in your fleets.
This guide breaks down into two parts:
- A summary of the available roles and a description of each
- A permissions matrix for an in-depth look at what each role as access to
Team access controls was previously available to enterprise customers only but is now available to all products.
Roles
Roles represent a set of permissions that can be applied to a member of your product team.
You can view and set team-member-specific roles for each product on the Team page for the product in the Console:
A team member's role can also be set when inviting the user to your team.
The set of roles available to you are:
- View-only: Read-only access to all information in the account, but cannot take any action.
- Support: View access plus the ability to perform basic diagnostic and troubleshooting tasks.
- Developer: Most create, view, update, and deletion abilities, without the ability to take major administrative actions.
- Administrator: Full administrative access, including team management and irreversible destructive actions.
View-only
View-only is the most strict of the three product team member roles. It is designed specifically for people on your team that you'd only like to see information about your device fleet — but don't need to make updates.
Someone with the View-only role can:
- List and inspect information about devices in the product
- Observe a stream of events from devices in the product
- View product configuration and settings
For team members who receive the View-only role, the actions they are not allowed to take will be disabled in the Console interface:
Support
The Support role is best for the members of your team who specialize in providing customer service and "front line" support to deployed Particle devices in the field. The permissions associated with this role give these members of your team tools to interact with single devices, but limit access to fleet-wide management tools.
Someone with the Support role can:
- Do everything a Read-only teammate can do +
- Ping, call functions on, and read variables from individual devices
- Use Diagnostics tools, like Device Vitals
- Manage the lifecycle state and data limit of SIM cards
Developer
Developer is a role that is meant for the engineers on your team that are actively building and managing IoT projects with Particle. With this role, a person is granted both read & write access to Console and APIs, without the ability to take administrative actions. This includes team management and irreversible destructive actions.
Someone with the Developer role can:
- Do everything a Support teammate can do +
- Take fleet management actions — like adding a devices to groups or provision new devices into a Product
- Create and manage OAuth clients on behalf of products
- Create and manage Integrations
- Upload and release product firmware to the fleet
- Add/remove devices and SIM cards to and from the product
Administrator
The Owner of the product represents the highest level of access. There is one single owner for each product. The Owner role is automatically given to the creator of the product.
Someone with the Administrator role can:
- Do everything a Developer teammate can do +
- Manage the product team and teammates' roles
- Edit product configuration and settings
There is also a special type of Administrator, reserved for the person acting as the account owner. This will appear as Administrator (Owner) in the Console. There will only be a single Owner assigned (multiple team members cannot have this role simultaneously).
- Manage billing information related to the product
The Owner's role cannot be changed. The Owner also cannot be removed from the product team.
Permissions matrix
Product permissions
| Action | Administrator (Owner) | Administrator | Developer | Support | View-only |
|---|---|---|---|---|---|
| Team | |||||
| View Product team | ✓ | ✓ | ✓ | ✓ | ✓ |
| Manage Product team | ✓ | ✓ | |||
| Create Product API users | ✓ | ✓ | |||
| Fleet Health | |||||
| View fleet health | ✓ | ✓ | ✓ | ✓ | ✓ |
| Devices | |||||
| View device | ✓ | ✓ | ✓ | ✓ | ✓ |
| Subscribe to device events | ✓ | ✓ | ✓ | ✓ | ✓ |
| View Device Vitals | ✓ | ✓ | ✓ | ✓ | ✓ |
| Refresh Device Vitals | ✓ | ✓ | ✓ | ✓ | |
| View Fleet Health | ✓ | ✓ | ✓ | ✓ | ✓ |
| Check device variables | ✓ | ✓ | ✓ | ✓ | |
| Call device functions | ✓ | ✓ | ✓ | ✓ | |
| Ping device | ✓ | ✓ | ✓ | ✓ | |
| Add devices to Product | ✓ | ✓ | ✓ | ||
| Edit device info | ✓ | ✓ | ✓ | ||
| Flash firmware to devices | ✓ | ✓ | ✓ | ||
| Remove/unclaim devices | ✓ | ✓ | ✓ | ||
| Create device group | ✓ | ✓ | ✓ | ||
| Edit/delete device group | ✓ | ✓ | ✓ | ||
| Publish event | ✓ | ✓ | ✓ | ||
| SIM cards | |||||
| View SIM card | ✓ | ✓ | ✓ | ✓ | ✓ |
| Update SIM lifecycle state | ✓ | ✓ | ✓ | ✓ | |
| Change SIM data limit | ✓ | ✓ | ✓ | ✓ | |
| Add new SIMs to Product | ✓ | ✓ | ✓ | ||
| Remove SIMs from Product | ✓ | ✓ | ✓ | ||
| Firmware | |||||
| View Product firmware | ✓ | ✓ | ✓ | ✓ | ✓ |
| Upload firmware version | ✓ | ✓ | ✓ | ||
| Release firmware | ✓ | ✓ | ✓ | ||
| Edit firmware info | ✓ | ✓ | ✓ | ||
| Integrations | |||||
| View Integrations | ✓ | ✓ | ✓ | ✓ | ✓ |
| Create new Integration | ✓ | ✓ | ✓ | ||
| Edit/delete Integration | ✓ | ✓ | ✓ | ||
| OAuth clients | |||||
| View OAuth clients | ✓ | ✓ | ✓ | ✓ | ✓ |
| Create OAuth client | ✓ | ✓ | ✓ | ||
| Edit/delete OAuth client | ✓ | ✓ | ✓ | ||
| Customers | |||||
| View Customers | ✓ | ✓ | ✓ | ✓ | ✓ |
| Create Customers | ✓ | ✓ | ✓ | ||
| Edit/delete Customers | ✓ | ✓ | ✓ | ||
| Settings | |||||
| View Product settings | ✓ | ✓ | ✓ | ✓ | ✓ |
| Edit Product settings | ✓ | ✓ | |||
| Billing & Usage | |||||
| View Billing & Usage | ✓ | ✓ |
Organization permissions
| Action | Administrator (Owner) | Administrator | Developer | Support | View-only |
|---|---|---|---|---|---|
| Team | |||||
| View org team | ✓ | ✓ | ✓ | ✓ | ✓ |
| Manage org team | ✓ | ✓ | |||
| Create org API users | ✓ | ✓ | |||
| Owned Products | |||||
| Create new Product | ✓ | ✓ | ✓ | ||
| Administrator role for all Products in org | ✓ | ✓ | |||
| Developer role for all Products in org | ✓ | ||||
| Support role for all Products in org | ✓ | ||||
| View-only role for all Products in org | ✓ |