Grant Read-Only Access to All Tenant Data
Give a group of analysts read access to all tenant entities and telemetry without allowing any writes. This uses a single Generic role assigned at Tenant level.
Prerequisites: Basic familiarity with Roles and RBAC.
Step 1. Create the role
Section titled “Step 1. Create the role”- Navigate to Security ⇾ Roles.
- Click + Add role.
- Name: Analyst Read-only — Role type: Generic.
- Add one permission entry: Resource All, Operations Read, Read Attributes, Read Telemetry.
- Click Add.
Step 2. Create a user group and assign the role
Section titled “Step 2. Create a user group and assign the role”- Navigate to Users ⇾ Groups.
- Click Add entity group, name it Analysts.
- Open the group details ⇾ Roles tab ⇾ Add.
- Select: Role type Generic, Role Analyst Read-only.
- Click Add.
Result
Section titled “Result”Any user added to the Analysts group can view all tenant entities and telemetry but cannot create, modify, or delete anything.