Team access controls
Particle offers functionality to help you manage levels of access for your team members. This is helpful when overseeing a team of people who should have varying permissions with respect to Particle devices in your fleets.
This guide breaks down into two parts:
- A summary of the available roles and a description of each
- A permissions matrix for an in-depth look at what each role as access to
Team access controls was previously available to enterprise customers only but is now available to all products.
Roles represent a set of permissions that can be applied to a member of your product team.
You can view and set team-member-specific roles for each product on the Team page for the product in the Console:
A team member's role can also be set when inviting the user to your team.
The set of roles available to you are:
- View-only: Read-only access to all information in the account, but cannot take any action.
- Support: View access plus the ability to perform basic diagnostic and troubleshooting tasks.
- Developer: Most create, view, update, and deletion abilities, without the ability to take major administrative actions.
- Administrator: Full administrative access, including team management and irreversible destructive actions.
View-only is the most strict of the three product team member roles. It is designed specifically for people on your team that you'd only like to see information about your device fleet — but don't need to make updates.
Someone with the View-only role can:
- List and inspect information about devices in the product
- Observe a stream of events from devices in the product
- View product configuration and settings
For team members who receive the View-only role, the actions they are not allowed to take will be disabled in the Console interface:
The Support role is best for the members of your team who specialize in providing customer service and "front line" support to deployed Particle devices in the field. The permissions associated with this role give these members of your team tools to interact with single devices, but limit access to fleet-wide management tools.
Someone with the Support role can:
- Do everything a Read-only teammate can do +
- Ping, call functions on, and read variables from individual devices
- Use Diagnostics tools, like Device Vitals
- Manage the lifecycle state and data limit of SIM cards
Developer is a role that is meant for the engineers on your team that are actively building and managing IoT projects with Particle. With this role, a person is granted both read & write access to Console and APIs, without the ability to take administrative actions. This includes team management and irreversible destructive actions.
Someone with the Developer role can:
- Do everything a Support teammate can do +
- Take fleet management actions — like adding a devices to groups or provision new devices into a Product
- Create and manage OAuth clients on behalf of products
- Create and manage Integrations
- Upload and release product firmware to the fleet
- Add/remove devices and SIM cards to and from the product
The Owner of the product represents the highest level of access. There is one single owner for each product. The Owner role is automatically given to the creator of the product.
Someone with the Administrator role can:
- Do everything a Developer teammate can do +
- Manage the product team and teammates' roles
- Edit product configuration and settings
There is also a special type of Administrator, reserved for the person acting as the account owner. This will appear as Administrator (Owner) in the Console. There will only be a single Owner assigned (multiple team members cannot have this role simultaneously).
- Manage billing information related to the product
The Owner's role cannot be changed. The Owner also cannot be removed from the product team.
|View Product team||✓||✓||✓||✓||✓|
|Manage Product team||✓||✓|
|View fleet health||✓||✓||✓||✓||✓|
|Subscribe to device events||✓||✓||✓||✓||✓|
|View Device Vitals||✓||✓||✓||✓||✓|
|Refresh Device Vitals||✓||✓||✓||✓|
|View Fleet Health||✓||✓||✓||✓||✓|
|Check device variables||✓||✓||✓||✓|
|Call device functions||✓||✓||✓||✓|
|Add devices to Product||✓||✓||✓|
|Edit device info||✓||✓||✓|
|Flash firmware to devices||✓||✓||✓|
|Create device group||✓||✓||✓|
|Edit/delete device group||✓||✓||✓|
|View SIM card||✓||✓||✓||✓||✓|
|Update SIM lifecycle state||✓||✓||✓||✓|
|Change SIM data limit||✓||✓||✓||✓|
|Add new SIMs to Product||✓||✓||✓|
|Remove SIMs from Product||✓||✓||✓|
|View Product firmware||✓||✓||✓||✓||✓|
|Upload firmware version||✓||✓||✓|
|Edit firmware info||✓||✓||✓|
|Create new Integration||✓||✓||✓|
|View OAuth clients||✓||✓||✓||✓||✓|
|Create OAuth client||✓||✓||✓|
|Edit/delete OAuth client||✓||✓||✓|
|View Product settings||✓||✓||✓||✓||✓|
|Edit Product settings||✓||✓|
|Billing & Usage|
|View Billing & Usage||✓||✓|
|View org team||✓||✓||✓||✓||✓|
|Manage org team||✓||✓|
|Create new Product||✓||✓||✓|
|Administrator role for all Products in org||✓||✓|
|Developer role for all Products in org||✓|
|Support role for all Products in org||✓|
|View-only role for all Products in org||✓|