Users

In ThingsBoard, a User is a principal entity with credentials to authenticate and access the platform. Users are governed by an access control model that defines what operations they can perform and which platform resources they may access.

---

Each user belongs to a specific Tenant or a Customer owner.
Ownership determines the scope of data and resources available to the user.

ThingsBoard Community Edition uses a fixed three-level role hierarchy:

• System administrator has full access to the entire platform instance and can create and manage tenants. This role does not own IoT entities.
• Tenant administrator has full control over a specific tenant environment. This role owns and manages its IoT entities (dashboards, devices, assets, etc.) and can create and manage Customers, their Customers Users, and their access to Tenant resources.
• Customer User has read-onlyaccess to the resources and data explicitly assigned by the Tenant Administrator.

---

You must be logged in as a Tenant administrator or Customer administrator with sufficient privileges to manage users.

Procedure

1. Navigate to Users from the left-hand menu.
2. Click + Add user in the top right corner.
3. Complete the user form:
   • Email: used as the login username;
   • First name, Last name, Phone (Optional);
   • Language and Unit system (Optional);
4. Select the activation method:
   • Display activation link – generates an activation link for manual sharing;
   • Send activation email – sends the activation link to the user automatically.
5. Click Next: Owner and groups and configure access scope:
   • Assign the Owner (Tenant or Customer);
   • Add the user to one or more User groups to grant initial permissions.
6. Click Add to create the user.

After creation, the user must activate the account using the provided link and set a password before logging in.

---

After receiving the activation link, the user must complete the account setup process.

1. Open the activation link.
2. Enter and confirm a password.
3. Click Create password.

Once the password is created, the activation process is complete. The user can log in and access platform resources according to the assigned ownership and permissions.

---

The User details panel shows all properties of a user account and allows you to edit them.

1. Navigate to Users from the left-hand menu.
2. Click the row of the required user in the list.

The panel contains the following fields:

• Email (required): The user’s login credential and unique identifier on the platform.
• First name: The user’s given name, shown in the UI and notifications.
• Last name: The user’s family name, shown in the UI and notifications.
• Phone: Contact number in E.164 format like +12015550123. Use the flag selector to set the country code prefix.
• Language: The display language for this user’s UI session.
• Unit system: The measurement unit system used in the UI for this user. Select Auto to inherit the tenant-level setting, Metric for SI units, Imperial for US customary units, or Hybrid to mix metric and imperial.
• Description: Free-text field for notes about the user.
• Default dashboard: The dashboard opened automatically after login. Enable Always fullscreen to hide the toolbar and open the dashboard in fullscreen mode.
• Home dashboard: The dashboard opened when the user clicks Home in the navigation bar. Enable Hide home dashboard toolbar to hide the toolbar on this dashboard.
• Custom menu: Assigns a custom navigation menu to the user, replacing the default sidebar.

To save changes, click the checkmark icon at the top of the panel.

---

Administrators can temporarily assume a user’s session.
This feature is useful for verifying access rights and troubleshooting permission-related issues.

1. Open the Users page.
2. In the users list, click the Login as … icon next to the required user (the available option depends on the user’s role).
3. The platform opens a new session with the selected user’s permission scope.

Changing the owner updates the user’s position in the multi-tenant hierarchy and automatically adjusts the scope of accessible resources according to the new ownership and assigned groups.

1. Open the Users page and select the required user.
2. In the user details view, click Manage owner and groups.
3. Update the Owner (Tenant or Customer) if necessary.
4. Add or remove the user from the required User groups.
5. Click Update to apply the changes.

ThingsBoard allows administrators to temporarily restrict a user’s access without deleting the account.
When a user account is disabled, the user cannot log in or access any tenant resources.

1. Open the Users page and select the required user.
2. In the user details view, click Enable/Disable User Account. to change the account status.

Users with sufficient permissions can remove a user account from the platform.

1. Open the Users page.
2. Click the Delete (trash bin) icon next to the required user.
3. Confirm the deletion in the dialog window.

---

Assign users only to relevant groups with minimal necessary roles.

Use distinct groups for different permission sets (e.g., read-only vs. manage).

Review group membership regularly to minimize unnecessary access.

Configure outgoing mail server settings to support automated activation workflows.