Permissions in EdgeGo define what actions users can perform within the system. They are organized into categories and can be assigned to roles, which are then assigned to user groups.
Permission Categories
EdgeGo organizes permissions into five main categories:
- UserGroup/Logs/Server Settings
- Users
- Roles
- DeviceGroup/Device Alert
- Device
- Execute Script/Deploy Package: Run scripts or deploy software packages to devices
- Lock/Unlock USB: Control USB port access on devices
- Reboot Device: Restart devices remotely
- Remote Desktop: Access device desktops remotely
- Shutdown Device: Power off devices remotely
- Sync Device Time: Synchronize device time settings
- Upgrade Device Agent: Update the EdgeGo agent software on devices
- Upload File: Transfer files to devices
- View Device Data: Access device information and status
- Web Terminal: Access device command line through web interface
Predefined Roles
EdgeGo includes several built-in roles with different permission sets:
| Role Name | User Group/Logs/Server Settings | Users | Roles | Device Group/Alert | Device |
|---|---|---|---|---|---|
| admin | ✓ | ✓ | ✓ | ✓ | All device permissions |
| device-admin | ✗ | ✗ | ✗ | ✓ | All device permissions |
| device-controller | ✗ | ✗ | ✗ | ✗ | All device permissions |
| device-viewer | ✗ | ✗ | ✗ | ✗ | View Device Data only |
Permission Assignment
Permissions are not assigned directly to users. Instead, they are:
- Grouped into roles
- Roles are assigned to user groups
- Users inherit permissions from their group memberships
This hierarchical approach simplifies permission management and ensures consistent access control across the system.
