Limit user access to a subset of devices

Using Device Groups to limit user access

There are two steps to limit user access to a subset of devices:

  1. Create a Device Group

  2. Bind a User or API token to the Device Group

Once a User or API token is bound to a Device Group, that account will ONLY have access to Devices in that Device Group. ALL data requests will be filtered (searches, dashboards, analysis, photos and reports). This ensures that the restricted accounts can only access data streams related to members of the target Device Group.

Hint: Further information on Device Groups and how they are created can be found under the article: Data Access > Device Groups.

Bind a User or API token to the Device Group

When creating or updating a User or API Token, you now have the option to bind the account to a Device Group.

All Devices is the default and will apply no additional restrictions. Otherwise simply select the desired Device Group from the dropdown and the account will have its access limited to ONLY members of that Device Group.

Additional Restrictions

For added security, accounts with Device Group restrictions are blocked from the following actions, regardless of their other permissions:

  • Create device

  • Update device metadata for any metadata item related to Device Group membership

  • Modifying Workgroup settings

  • For Energy Solution subscribers: Uploading meter or budget data

Last updated