Roles
Role-Based Access Control (RBAC) in ThingsBoard provides a structured security model that governs what actions authenticated users can perform on entities and resources within the platform. RBAC ensures scalable, secure user access by defining roles with specific permissions and assigning them according to organizational needs.
Access control model
Section titled “Access control model”In ThingsBoard Community Edition, the RBAC model is based on a fixed set of predefined authority levels used to manage access. Permissions are determined by built-in roles assigned directly to users.
Built-in roles
- System administrator has full access to system-wide resources and settings and can create and manage tenants. This role does not own IoT entities.
- Tenant administrator has full control over a specific tenant environment. This role owns and manages its IoT entities, including devices, assets, dashboards, customers, and other tenant entities.
- Customer user has read-only access to the resources and data explicitly assigned by the Tenant Administrator.