Skip to main content

Roles and access control

Overview of User Access Management in Barbara

This article offers a comprehensive overview of user access management in the Barbara edge computing platform. It focuses on the Role-Based Access Control (RBAC) framework used to define user roles, permissions, and access privileges.

Understanding how RBAC is implemented in Barbara enables you to manage user access across your edge deployments effectively. This ensures data security, supports regulatory compliance, and promotes efficient use of resources.

The sections below outline the responsibilities and permissions associated with each user role in Barbara. These descriptions are designed to provide a clear understanding of the capabilities and access levels assigned to each role.

note

User roles within the organization can only be assigned or modified by users with the Administrator role.

Administrator

The Administrator is the highest-level role within the company hierarchy. This role is reserved for top-level executives or individuals with administrative responsibilities. Administrators have unrestricted access to all features and functionalities of the platform, allowing them to perform any action. This includes making critical changes related to the company, such as adding or removing users. Additionally, administrators are the sole users authorised to modify audit logs, ensuring complete control and oversight of platform activities.

Supervisor

The Supervisor role is designed for senior managers or leaders of the operations team. While not having the same level of access as Administrators, they can perform most tasks. Supervisors are empowered to execute critical operations like firmware updates, power-offs, and batch operations. They also have the authority to delete essential assets such as devices or custom images and have access to sensitive information, such as Secrets or Credentials.

Editor

The Editor role is the most common role for team members actively engaged in day-to-day platform operations. Editors can download OS images, activate nodes, upload and run applications, configure them and many others. Editors are recommended as default users for regular team members.

Viewer

The Viewer role is a read-only role designed for users who need access to platform information without the need for operational capabilities. Viewers can access basic company information, view the status of nodes, observe running applications, and access real-time telemetry data. Despite having limited operational functionalities, Viewers are crucial in staying informed about the platform's status and performance.