User Roles
ESP RainMaker has 2 categories of users
- Admin Users
- End Users
Admin Users
A user who owns the MQTT credentials of a given node is the Admin User for that node. So, a user who claims a node either using Host driven claiming or Assisted Claiming becomes an admin user for the given node. Such a user can access the node via the ESP RainMaker dashboard and also push OTA Firmware Updates using Topics.
An admin user cannot read/write the node parameters.
Note: If a node gets credentials using self claiming, there is no admin user associated with it. For ESP32-S2, host driven claiming is the only way to get admin access, since it does not support assisted claiming.
End Users
End Users can be of two types
- Primary User
- Secondary User
Primary User
A user who performs the User-Node mapping workflow with a node becomes the primary user for the node. A primary user can access the node config and read/write the node parameters. A primary user can also add/remove/view other secondary users.
A given node can have only a single primary user. If another user gets the primary user access using the user-node mapping workflow, the older primary user and all other secondary users added by him/her lose access to the node.
Secondary User
Any user who gets access to a node via Node sharing becomes secondary user for the node. A secondary user can access the node config and read/write the node parameters. A secondary user cannot add/remove/view other secondary users though.
Why have such roles?
A real world scenario would help understand the purpose of such roles.
Suppose you are working on some product and want your friends and family to try it out. You will first claim all the nodes and get admin access to them so that you can view them on the dashboard and also push out updates as per feedback from your end users. Note that you would not be able to get/set the parameters, since only the end users are permitted to do so.
Now, the end users will first have to configure the devices to connect to their home Wi-Fi network and so, will perform provisioning and user node mapping via the phone apps.
Once they get the primary user access through this workflow, they would be able to control and monitor these devices from their phone apps. They may further want to share that same device with their own family members or friends, which they can do by adding them as secondary users using the node sharing facility.
Assisted Claiming - a special case
Assisted claiming which happens during BLE provisioning from phone apps is a special case. The logged in user first gets the admin access during the assisted claiming workflow and then also gets the primary user access via the user-node mapping workflow, both of which are incorporated into the BLE provisioning workflow.