Skip to main content

Roles and permissions

The emnify Portal is a powerful application to control the connectivity of devices of a production system.

Users across your Workspace may use the Portal, from operations and finance to development and product. That's why emnify offers four levels of access (referred to as Roles) to use and manage Portal features:

  • SuperAdmin (provided for organizations with multiple Workspaces)
  • Administrator (has access to all services and user management)
  • Observer (has access to limited services)
  • User (has access to all services)

To view and edit these roles, go to Workspace settings > Users.

The following tables describe the permissions for different roles.

Device management

Retrieve a device by ID
Update or delete a device by ID
Retrieve the blocked networks for a device
Add or remove networks from the device blocklist by ID
List all devices
Create a new device
Retrieve connectivity information for a device

SIM management

List available SIMs
List available SIM statuses
Retrieve SIMs by ID
Update or delete SIMs by ID
Order SIMs from the SIM Shop

Service policy

Retrieve a list of available countries
Retrieve a list of available currencies
Retrieve single currency details by ID
Retrieve a list of available services
List available traffic limits for a service by ID
Retrieve service policies
Create service policies
Retrieve service policies by ID
Update or delete service policies by ID
Add or delete services from service policies
Add or delete traffic limit from a service
Retrieve the SMS interface types
Set or change a custom DNS
Set or change data and SMS quotas

Coverage policy

List of available coverage area statuses
List of available data plan statuses
Retrieve data plan details by ID
Retrieve data plans
Retrieve list of data plan statuses
Create coverage policies
List coverage policies
Retrieve coverage area of a coverage policy
Retrieve country details by ID
List networks
Retrieve my currently active data plan

User management

ActionAll WorkspacesPer Workspace
Create or list Workspace users
Update or delete Workspace users
Reassign or delete a SuperAdmin
Retrieve your user role
Modify your user role
Add or delete per Workspace roles from a user
Update your password
Delete or list trusted devices for a user
Create or retrieve an application token
Edit an application token
Create a support token to assume user permissions by ID
View reports

A user can have different roles in different Workspaces, even if they're linked. SuperAdmin is the only role that is consistent across linked Workspaces by default. However, a user can be a SuperAdmin in one main organization but hold another role (for example, Observer) in an unrelated Workspace with a different main organization.

For more information, see Multiple Workspaces.

Workspace management

Automatically access Workspaces linked to your main organization by emnify
Send a request to create a new Workspace
Send a request to link existing Workspaces
Switch between Workspaces you have access to
View centralized reports with data from multiple Workspaces


Retrieve organization or device alerts
Retrieve user events by ID
Retrieve IMSI and SIM events

MFA keys

Generate user shared secret key for MFA
Activate user shared secret key for MFA
List available MFA key statuses
Delete shared secret key for MFA of a user by ID
List your trusted devices
Delete a trusted device from your list by ID
List available MFA key types
Delete my shared secret for MFA