Roles and permissions
The emnify Portal is a powerful application to control the connectivity of devices of a production system.
Users across your Workspace may use the Portal, from operations and finance to development and product. That's why emnify offers four levels of access (referred to as Roles) to use and manage Portal features:
- SuperAdmin (provided for organizations with multiple Workspaces)
- Administrator (has access to all services and user management)
- User (has access to all services)
- Observer (has access to limited services)
To view and edit these roles, go to Workspace settings > Users.
The following tables describe the permissions for different roles.
Device management
| Action | SuperAdmin | Administrator | User | Observer |
|---|---|---|---|---|
| Retrieve a device by ID | ||||
| Update or delete a device by ID | ||||
| Retrieve the blocked networks for a device | ||||
| Add or remove networks from the device blocklist by ID | ||||
| List all devices | ||||
| Create a new device | ||||
| Retrieve connectivity information for a device | ||||
| Reset device connectivity |
SIM management
| Action | SuperAdmin | Administrator | User | Observer |
|---|---|---|---|---|
| List available SIMs | ||||
| List available SIM statuses | ||||
| Retrieve SIMs by ID | ||||
| Update or delete SIMs by ID | ||||
| Order SIMs from the SIM Shop |
Service policy
| Action | SuperAdmin | Administrator | User | Observer |
|---|---|---|---|---|
| Retrieve a list of available countries | ||||
| Retrieve a list of available currencies | ||||
| Retrieve single currency details by ID | ||||
| Retrieve a list of available services | ||||
| List available traffic limits for a service by ID | ||||
| Retrieve service policies | ||||
| Create service policies | ||||
| Retrieve service policies by ID | ||||
| Update or delete service policies by ID | ||||
| Add or delete services from service policies | ||||
| Add or delete traffic limit from a service | ||||
| Retrieve the SMS interface types | ||||
| Set or change a custom DNS | ||||
| Set or change data and SMS quotas |
Coverage policy
| Action | SuperAdmin | Administrator | User | Observer |
|---|---|---|---|---|
| List of available coverage area statuses | ||||
| List of available data plan statuses | ||||
| Retrieve data plan details by ID | ||||
| Retrieve data plans | ||||
| Retrieve list of data plan statuses | ||||
| Create coverage policies | ||||
| List coverage policies | ||||
| Retrieve coverage area of a coverage policy | ||||
| Retrieve country details by ID | ||||
| List networks | ||||
| Retrieve my currently active data plan | ||||
| Block networks | ||||
| Block radio access technologies (RATs) |
IP address space management
| Action | SuperAdmin | Administrator | User | Observer |
|---|---|---|---|---|
| View allocated IP address spaces | ||||
| Add IP address spaces | ||||
| Remove IP address spaces |
User management
| Action | All Workspaces | Per Workspace | ||
|---|---|---|---|---|
| SuperAdmin | Administrator | User | Observer | |
| Create or list Workspace users | ||||
| Update or delete Workspace users | ||||
| Reassign or delete a SuperAdmin | ||||
| Retrieve your user role | ||||
| Modify your user role | ||||
| Add or delete per Workspace roles from a user | ||||
| Update your password | ||||
| Delete or list trusted devices for a user | ||||
| Create or retrieve an application token | ||||
| Edit an application token | ||||
| Create a support token to assume user permissions by ID | ||||
| View reports | ||||
A user can have different roles in different Workspaces, even if they're linked. SuperAdmin is the only role that is consistent across linked Workspaces by default. However, a user can be a SuperAdmin in one main organization but hold another role (for example, Observer) in an unrelated Workspace with a different main organization.
For more information, see Multiple Workspaces.
Workspace management
| Action | SuperAdmin | Administrator | User | Observer |
|---|---|---|---|---|
| Automatically access Workspaces linked to your main organization by emnify | ||||
| Send a request to create a new Workspace | ||||
| Send a request to link existing Workspaces | ||||
| Switch between Workspaces you have access to | ||||
| View centralized reports with data from multiple Workspaces |
Alerts
| Action | SuperAdmin | Administrator | User | Observer |
|---|---|---|---|---|
| Retrieve organization or device alerts | ||||
| Retrieve user events by ID | ||||
| Retrieve IMSI and SIM events |
Data streams
| Action | SuperAdmin | Administrator | User | Observer |
|---|---|---|---|---|
| Add new data streams | ||||
| Delete existing data streams | ||||
| Update an existing data stream | ||||
| Retry an expired data stream | ||||
| Turn a data stream on or off |
Secure connection
The following actions are available in the Portal for AWS Transit Gateway and IPsec. OpenVPN isn't shown in the Secure Connection list. For more information, see OpenVPN.
| Action | SuperAdmin | Administrator | User | Observer |
|---|---|---|---|---|
| Create secure connections | ||||
| Delete existing secure connections | ||||
| Retry an expired secure connection |
MFA keys
| Action | SuperAdmin | Administrator | User | Observer |
|---|---|---|---|---|
| Generate user shared secret key for MFA | ||||
| Activate user shared secret key for MFA | ||||
| List available MFA key statuses | ||||
| Delete shared secret key for MFA of a user by ID | ||||
| List your trusted devices | ||||
| Delete a trusted device from your list by ID | ||||
| List available MFA key types | ||||
| Delete my shared secret for MFA |