Users, Roles, Groups, and Capabilities

The following concepts are important for understanding how DataMosaix controls user access rights. To minimize confusion, these are the same terms that Cognite uses.
Roles and Capability Groups
  • User
    As described above, users are defined in FT Hub. A user is a human individual with a unique login, typically identified by email address.
  • Role
    Conceptually, a role is the part a user plays in an organization: an engineer, an IT administrator, a manager. In DataMosaix, a role is a set of capabilities as defined by capability groups. You assign groups of capabilities to roles. A user will have one or more roles.
  • Capability Group
    A group of capabilities. You might want to group the capabilities required for creating and editing charts into one group, or group the ability to create, read, update, and delete (CRUD) data for one specific site into another.
  • Capability
    The ability to interact with a specific resource or feature. A capability is defined by a resource type, a scope, and actions. The resource type and scope define the data the capability applies to, while the action defines the operations you are allowed to perform. For example: read a time series (timeseries:read) or create a 3D model (3D:create). Capabilities have a 1:1 relationship with capabilities defined in the underlying CDF application.
    You can find more about capabilities in the CDF documentation here: Assign capabilities.
There are eight predefined roles. These are designed to give a starting point for an implementation. The only role that you must use is Project Admin, which has the ability to create groups and roles. You can create your own roles if you don't want to use the predefined ones. For compatibility, these roles are the same as the ones defined in DataMosaix 1.0.
Two other roles are worth noting: Applications and Extractors are intended for machine-to-machine interaction and are not to be assigned to people. The Extractors role is meant to give extractors the minimum capabilities required. Likewise, the Applications role is designed to give applications like PowerBI and Grafana the read access required. Because you can create your own roles, you can decide whether these are appropriate for your use, use different ones, or both.
Detailed documentation on how to use the roles and capability groups is available in the DataMosaix online documentation. Refer to Roles and Capability Groups.
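The sketch below is an added example, not DataMosaix or CDF code: it models the user, role, capability group, and capability chain described above, answers an access question, and audits the two machine-to-machine roles. The group names, user names, the "charts", "groups", and "roles" resource types, and the scope encoding ("all" or a single site id) are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Capability:
    resource: str          # resource type, e.g. "timeseries"
    actions: frozenset     # e.g. {"read"}
    scope: str = "all"     # assumed encoding: "all" or a single site id

# Constructed sample data: capability groups -> capabilities, roles -> groups.
CRUD = frozenset({"create", "read", "update", "delete"})
GROUPS = {
    "charts-edit": [Capability("timeseries", frozenset({"read"})),
                    Capability("charts", frozenset({"read", "create", "update"}))],
    "site-a-crud": [Capability("timeseries", CRUD, "site-a")],
    "read-all": [Capability("timeseries", frozenset({"read"}))],
    "admin": [Capability("groups", frozenset({"create"})),
              Capability("roles", frozenset({"create"}))],
}
ROLES = {"Engineer": ["charts-edit", "site-a-crud"], "Applications": ["read-all"],
         "Extractors": ["site-a-crud"], "Project Admin": ["admin"]}
MACHINE_ROLES = {"Applications", "Extractors"}   # machine-to-machine roles named on the page
USERS = {"alice@example.com": ["Engineer"],
         "bob@example.com": ["Engineer", "Extractors"],   # human holding a machine role
         "svc-grafana": ["Applications"]}                 # constructed service identity

def capabilities_for(roles):
    """Expand roles -> capability groups -> capabilities."""
    return [c for r in roles for g in ROLES[r] for c in GROUPS[g]]

def is_allowed(user, resource, action, site):
    """True if any capability covers the resource type, the action, and the scope."""
    return any(c.resource == resource and action in c.actions
               and c.scope in ("all", site)
               for c in capabilities_for(USERS[user]))

def audit():
    """Flag humans holding machine roles and an Applications role that exceeds read."""
    findings = []
    for user, roles in USERS.items():
        if "@" in user:   # assumption: human users are the ones identified by email
            findings += [f"{user}: machine role {r}" for r in roles if r in MACHINE_ROLES]
    for c in capabilities_for(["Applications"]):
        if c.actions - {"read"}:
            findings.append(f"Applications: non-read actions on {c.resource}")
    return findings
```

Because a user's effective rights are the union across all assigned roles, the audit has to look at every role a user holds, not just the primary one.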
Capability Groups and Roles