Programmer-oriented matrix for what permission sets can be assigned to user/device identities at each scope.
How to read this page:
| Scope | User assignable permissions | Device assignable permissions | Enum family |
|---|---|---|---|
| Instance | Yes | No (instance-only bits) | UserInstancePermissions (+ user governance extension) |
| Project | Yes | Yes | user: UserProjectPermissions; device: IndividualProjectPermissions |
| Object structure (OT) | Yes | Yes | IndividualTablePermissions bits granted per OT |
| Object (O) | Yes | Yes | IndividualTablePermissions bits granted per object |

Important:
IndividualProjectPermissions.IndividualProjectPermissions inherits table/data permissions, but assignment still happens at project scope.

| Permission | Meaning |
|---|---|
| All projects access | Equivalent of base project access for all projects in project authorization. |
| Group organizer | Can create groups. |

| Permission | Meaning |
|---|---|
| Architect | Modify table structures (create/edit/delete), includes deleted visibility, no force delete. |
| Role moderator | Manage role permissions/defaults and invite users in instance/project scopes; can add role/table permissions except private objects. |
| Admin | Advanced visibility and management of projects/tables/rows including deleted/history contexts. |

| Permission | Meaning |
|---|---|
| Private objects entrusted | Can see all private objects. |

| Permission | Meaning |
|---|---|
| Object manager | Add/edit/delete object table rows and object-table operations. |
| Data analyst | Read and process data. |
| Data source | Insert data and read last value. |
| Data manager | Edit/delete data and read last value. |

Notes:
- Architect and Role Moderator are user governance permissions.
- Object Manager, Data Analyst, Data Source, and Data Manager are operational permissions used for both users and devices.

| Action | Architect | Role Moderator | Object Manager | Data Analyst | Data Source | Data Manager |
|---|---|---|---|---|---|---|
| View object list | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| View object structure design | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Create/modify object structures | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Read data | ✓ | ✓ | ✗ | ✓ | ✗ | ✓ |
| Insert data | ✓ | ✗ | ✗ | ✗ | ✓ | ✓ |
| Edit/delete data | ✓ | ✗ | ✗ | ✗ | ✗ | ✓ |
| Create/edit objects | ✓ | ✗ | ✓ | ✗ | ✗ | ✗ |
| Manage role permissions in project | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |

Effective rights are evaluated additively through the scope chain:
Instance -> Project -> Object structure (OT) -> Object (O)
See Permissions Guide for complete evaluation flow.
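
A small model of the additive evaluation above, added here as an illustration and not taken from the product's code. The `Perm` enum, its bit values, the action names and the scope keys are assumptions; the action table is transcribed from the matrix on this page, and `device_findings` flags grants that the scope matrix and Notes say a device identity should not hold.

```python
from enum import IntFlag, auto

class Perm(IntFlag):  # assumed stand-in enum; real names and bit values differ
    ARCHITECT = auto()
    ROLE_MODERATOR = auto()
    OBJECT_MANAGER = auto()
    DATA_ANALYST = auto()
    DATA_SOURCE = auto()
    DATA_MANAGER = auto()

GOVERNANCE = Perm.ARCHITECT | Perm.ROLE_MODERATOR  # user-only, per the Notes
OPERATIONAL = (Perm.OBJECT_MANAGER | Perm.DATA_ANALYST
               | Perm.DATA_SOURCE | Perm.DATA_MANAGER)
CHAIN = ("instance", "project", "ot", "object")  # assumed scope keys

# Permissions that allow each action, transcribed from the action matrix.
ALLOWED_BY = {
    "view_object_list": GOVERNANCE | OPERATIONAL,
    "view_structure_design": Perm.ARCHITECT,
    "modify_structures": Perm.ARCHITECT,
    "read_data": GOVERNANCE | Perm.DATA_ANALYST | Perm.DATA_MANAGER,
    "insert_data": Perm.ARCHITECT | Perm.DATA_SOURCE | Perm.DATA_MANAGER,
    "edit_delete_data": Perm.ARCHITECT | Perm.DATA_MANAGER,
    "create_edit_objects": Perm.ARCHITECT | Perm.OBJECT_MANAGER,
    "manage_role_permissions": Perm.ROLE_MODERATOR,
}

def effective(grants):
    """OR together the grants from every scope on the chain."""
    total = Perm(0)
    for scope in CHAIN:
        total |= grants.get(scope, Perm(0))
    return total

def can(grants, action):
    """True if any effective permission allows the action."""
    return bool(effective(grants) & ALLOWED_BY[action])

def device_findings(grants):
    """Scopes where a device identity holds something the matrix forbids."""
    findings = []
    for scope in CHAIN:
        perms = grants.get(scope, Perm(0))
        if scope == "instance" and perms:
            findings.append((scope, "instance scope is user-only"))
        elif perms & GOVERNANCE:
            findings.append((scope, "governance permission on a device"))
    return findings

# Constructed sample: a device that may insert project-wide, read one object.
SENSOR = {"project": Perm.DATA_SOURCE, "object": Perm.DATA_ANALYST}
```

In this model a project-scope grant stays in effect at every object beneath it, whatever is granted lower down, so a review of device grants should start at the widest scope.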