Skip to content
NEW AI Solution Creator — get a working IoT prototype in 10 minutes
Stand with Ukraine flag
Star
 
Pricing Try it now

Grant Read-Only Access to All Tenant Data

Give a group of analysts read access to all tenant entities and telemetry without allowing any writes. This uses a single Generic role assigned at Tenant level.

Prerequisites: Basic familiarity with Roles and RBAC.

Step 1. Create the role

Section titled “Step 1. Create the role”
  1. Navigate to Security ⇾ Roles.
  2. Click + Add role.
  3. Name: Analyst Read-onlyRole type: Generic.
  4. Add one permission entry: Resource All, Operations Read, Read Attributes, Read Telemetry.
  5. Click Add.

Step 2. Create a user group and assign the role

Section titled “Step 2. Create a user group and assign the role”
  1. Navigate to Users ⇾ Groups.
  2. Click Add entity group, name it Analysts.
  3. Open the group details ⇾ Roles tab ⇾ Add.
  4. Select: Role type Generic, Role Analyst Read-only.
  5. Click Add.

Result

Section titled “Result”

Any user added to the Analysts group can view all tenant entities and telemetry but cannot create, modify, or delete anything.

© 2026 The ThingsBoard Authors