User Roles
ESP RainMaker has two categories of users:
- Admin users
- End users
Admin Users
A user who owns the MQTT credentials of a given node is the Admin User for that node. That is to say, a user who Claims a node either using Host Driven Claiming or Assisted Claiming becomes an admin user for the given node. For Self Claiming, the user who provisioned the node becomes the admin user.
For private deployments, the super admin user and any other admin users added to the account gets admin access to the node.
Such a user can access the node via the ESP RainMaker dashboard and also push OTA firmware updates using topics.
An admin user cannot read/write the node parameters.
End Users
End users can be categorized into two types:
- Primary users
- Secondary users
Primary Users
A user who performs the user-node mapping workflow with a node becomes the primary user for the node. A primary user can access the node config and read/write the node parameters. A primary user can also add, remove, and view other secondary users.
A given node can have only a single primary user. If another user gets the primary user access using the user-node mapping workflow, the former primary user and all the secondary users added by him/her lose access to the node.
Secondary Users
Any user who gets access to a node via node sharing becomes secondary user for the node. A secondary user can access the node config and read/write the node parameters. A secondary user cannot add, remove, or view other secondary users though.
Why Have Such Roles?
A real-world scenario would help understand the purpose of such roles.
Suppose you are working on some products and want your friends and family to try it out. You will first Claim all the nodes and get admin access to them, so that you can view them on the dashboard and also push updates as per feedback from your end users. Note that you would not be able to get or set the parameters, since only the end users are permitted to do so.
Now, the end users will first have to configure the devices to connect to their home Wi-Fi networks, and perform provisioning and user-node mapping via the phone apps.
Once they get the primary user access through this workflow, they would be able to control and monitor these devices from their phone apps. They may further want to share that same device with family members or friends, which can be done by adding them as secondary users using the node sharing facility.
Special Case: Assisted Claiming
Assisted Claiming which happens during Bluetooth LE provisioning from phone apps is a special case. The logged in user first gets the admin access during the Assisted Claiming workflow and then also gets the primary user access via the user-node mapping workflow, both of which are incorporated into the Bluetooth LE provisioning workflow.