Scope a User to Their Customer's Data

Restrict a customer user to see and manage only the entities belonging to their own customer, with no visibility into other customers. No entity groups are required — scope is controlled by where the Generic role is assigned.

Prerequisites: Basic familiarity with Roles and RBAC.

1. Navigate to Security ⇾ Roles.
2. Click + Add role.
3. Name: Customer Full Access — Role type: Generic.
4. Add one permission entry: Resource All, Operations All.
5. Click Add.

1. Navigate to Customers ⇾ click Manage customer users for the target customer.
2. Open Groups ⇾ open the target user group ⇾ Roles tab.
3. Click Add — select Role type Generic, Role Customer Full Access.
4. Click Add.

The user sees and can manage every entity belonging to their customer — and nothing outside it. Repeat Step 2 for each customer that needs this access pattern.