# UI Access ### Pages Below you can find the list of pages available on the Admin-UI along side the optional and required permissions to access them. #### Data **Data Explorer** `/data/explorer` **Required permissions** * [Loading endpoint’s state](#loading-endpoints-state) * [Loading mapping’s state](#loading-mappings-state) * [Loading node’s state](#loading-nodes-state) * [Subscribing to MQTT Topics](#subscribing-to-mqtt-topics) **Optional permissions** * [Loading Connectware’s topics metadata](#loading-connectwares-topics-metadata) #### Services **Rule Sandbox** `/services/rule-engine-sandbox` **Required permissions** * [Subscribing to MQTT Topics](#subscribing-to-mqtt-topics) * [Using the Rule Engine](#using-the-rule-engine) **Optional permissions** * [Loading Connectware’s topics metadata](#loading-connectwares-topics-metadata) **Service Catalog** `/services/catalog` **Required permissions** * [Creating or updating services](#creating-or-updating-services) * [Loading service’s catalog metadata](#loading-services-catalog-metadata) **Service Logs** `/services/logs` **Required permissions** * [Loading logs](#loading-logs) **Service Overview** `/services/overview` **Required permissions** * [Loading services](#loading-services) **Optional permissions** * [Creating or updating services](#creating-or-updating-services) * [Loading service’s details](#loading-services-details) * [Managing services](#managing-services) **Edit template** `/services/edit-template` **Required permissions** * [Edit service templates](#edit-service-templates) **Service Details** `/services/overview/:serviceId` **Required permissions** * [Loading service’s details](#loading-services-details) **Optional permissions** * In order to **use Service\`s Live Data** the following permissions are required: * [Loading service’s Live Data](#loading-services-live-data) * [Subscribing to MQTT Topics](#subscribing-to-mqtt-topics) * [Creating or updating services](#creating-or-updating-services) * [Loading connections](#loading-connections) * [Loading endpoints](#loading-endpoints) * [Loading logs](#loading-logs) * [Loading mappings](#loading-mappings) * [Loading servers](#loading-servers) * [Loading service containers](#loading-service-containers) * [Loading volumes](#loading-volumes) * [Managing services](#managing-services) **Connection** `/services/overview/:serviceId/connections/:resourceId` **Required permissions** * [Loading connection’s details](#loading-connections-details) **Optional permissions** * [Loading logs](#loading-logs) * [Managing connections](#managing-connections) **Container** `/services/overview/:serviceId/containers/:resourceId` **Required permissions** * [Loading service container’s details](#loading-service-containers-details) **Optional permissions** * [Loading logs](#loading-logs) * [Managing service containers](#managing-service-containers) **Endpoint** `/services/overview/:serviceId/endpoints/:resourceId` **Required permissions** * [Loading endpoint’s details](#loading-endpoints-details) **Optional permissions** * [Loading logs](#loading-logs) * [Managing endpoints](#managing-endpoints) **Mapping** `/services/overview/:serviceId/mappings/:resourceId` **Required permissions** * [Loading mapping’s details](#loading-mappings-details) **Optional permissions** * [Loading logs](#loading-logs) * [Managing mappings](#managing-mappings) * [Subscribing to MQTT Topics](#subscribing-to-mqtt-topics) **Server** `/services/overview/:serviceId/servers/:resourceId` **Required permissions** * [Loading server’s details](#loading-servers-details) **Optional permissions** * [Loading logs](#loading-logs) * [Loading nodes](#loading-nodes) * [Managing servers](#managing-servers) **Volume** `/services/overview/:serviceId/volumes/:resourceId` **Required permissions** * [Loading volume’s details](#loading-volumes-details) **Optional permissions** * [Loading logs](#loading-logs) * [Managing volumes](#managing-volumes) **Service Resources** `/services/resources` **Required permissions** Fulfil any of the required permissions below and **Service Resources** will be available * [Loading connections](#loading-connections) * [Loading endpoints](#loading-endpoints) * [Loading mappings](#loading-mappings) * [Loading servers](#loading-servers) * [Loading service containers](#loading-service-containers) * [Loading services](#loading-services) * [Loading volumes](#loading-volumes) **Optional permissions** * [Loading connection’s details](#loading-connections-details) * [Loading endpoint’s details](#loading-endpoints-details) * [Loading mapping’s details](#loading-mappings-details) * [Loading server’s details](#loading-servers-details) * [Loading service container’s details](#loading-service-containers-details) * [Loading service’s details](#loading-services-details) * [Loading volume’s details](#loading-volumes-details) * [Managing connections](#managing-connections) * [Managing endpoints](#managing-endpoints) * [Managing mappings](#managing-mappings) * [Managing servers](#managing-servers) * [Managing service containers](#managing-service-containers) * [Managing volumes](#managing-volumes) **Connections** `/services/resources/connections` **Required permissions** * [Loading connections](#loading-connections) **Optional permissions** * [Loading connection’s details](#loading-connections-details) * [Managing connections](#managing-connections) **Connection** `/services/resources/connections/:resourceId` **Required permissions** * [Loading connection’s details](#loading-connections-details) **Optional permissions** * [Loading logs](#loading-logs) * [Managing connections](#managing-connections) **Containers** `/services/resources/containers` **Required permissions** * [Loading service containers](#loading-service-containers) **Optional permissions** * [Loading service container’s details](#loading-service-containers-details) * [Managing service containers](#managing-service-containers) **Container** `/services/resources/containers/:resourceId` **Required permissions** * [Loading service container’s details](#loading-service-containers-details) **Optional permissions** * [Loading logs](#loading-logs) * [Managing service containers](#managing-service-containers) **Endpoints** `/services/resources/endpoints` **Required permissions** * [Loading endpoints](#loading-endpoints) **Optional permissions** * [Loading endpoint’s details](#loading-endpoints-details) * [Managing endpoints](#managing-endpoints) **Endpoint** `/services/resources/endpoints/:resourceId` **Required permissions** * [Loading endpoint’s details](#loading-endpoints-details) **Optional permissions** * [Loading logs](#loading-logs) * [Managing endpoints](#managing-endpoints) **Mappings** `/services/resources/mappings` **Required permissions** * [Loading mappings](#loading-mappings) **Optional permissions** * [Loading mapping’s details](#loading-mappings-details) * [Managing mappings](#managing-mappings) **Mapping** `/services/resources/mappings/:resourceId` **Required permissions** * [Loading mapping’s details](#loading-mappings-details) **Optional permissions** * [Loading logs](#loading-logs) * [Managing mappings](#managing-mappings) * [Subscribing to MQTT Topics](#subscribing-to-mqtt-topics) **Servers** `/services/resources/servers` **Required permissions** * [Loading servers](#loading-servers) **Optional permissions** * [Loading server’s details](#loading-servers-details) * [Managing servers](#managing-servers) **Server** `/services/resources/servers/:resourceId` **Required permissions** * [Loading server’s details](#loading-servers-details) **Optional permissions** * [Loading logs](#loading-logs) * [Loading nodes](#loading-nodes) * [Managing servers](#managing-servers) **Service Links** `/services/resources/links` **Required permissions** * [Loading services](#loading-services) **Optional permissions** * [Loading service’s details](#loading-services-details) **Service Details** `/services/resources/service/:resourceId` **Required permissions** * [Loading service’s details](#loading-services-details) **Optional permissions** * In order to **use Service\`s Live Data** the following permissions are required: * [Loading service’s Live Data](#loading-services-live-data) * [Subscribing to MQTT Topics](#subscribing-to-mqtt-topics) * [Creating or updating services](#creating-or-updating-services) * [Loading connections](#loading-connections) * [Loading endpoints](#loading-endpoints) * [Loading logs](#loading-logs) * [Loading mappings](#loading-mappings) * [Loading servers](#loading-servers) * [Loading service containers](#loading-service-containers) * [Loading volumes](#loading-volumes) * [Managing services](#managing-services) **Volumes** `/services/resources/volumes` **Required permissions** * [Loading volumes](#loading-volumes) **Optional permissions** * [Loading volume’s details](#loading-volumes-details) * [Managing volumes](#managing-volumes) **Volume** `/services/resources/volumes/:resourceId` **Required permissions** * [Loading volume’s details](#loading-volumes-details) **Optional permissions** * [Loading logs](#loading-logs) * [Managing volumes](#managing-volumes) #### Settings **Login** `/settings/login` **Optional permissions** * In order to **manage your password** the following permissions are required: * [Managing your own password](#managing-your-own-password) * [Retrieving CW’s password policy](#retrieving-cws-password-policy) * [Use Multi-factor authentication](#use-multi-factor-authentication) #### System **Backup & Restore** `/system/backup-and-restore` **Required permissions** * [Managing Connectware’s backups](#managing-connectwares-backups) **System Status** `/system/status` **Required permissions** Fulfil any of the required permissions below and **System Status** will be available * [Loading Connectware’s metrics](#loading-connectwares-metrics) * [Loading Connectware’s system information](#loading-connectwares-system-information) * [Loading agents](#loading-agents) * [Loading core containers](#loading-core-containers) **Optional permissions** * [Loading core container’s details](#loading-core-containers-details) * [Loading services](#loading-services) * [Managing Connectware’s license](#managing-connectwares-license) * [Managing Connectware’s metrics](#managing-connectwares-metrics) * [Managing agents](#managing-agents) * [Managing core containers](#managing-core-containers) **Agents** `/system/status/agents` **Required permissions** * [Loading agents](#loading-agents) **Optional permissions** * [Managing agents](#managing-agents) **Internet Connectivity** `/system/status/internet-connectivity` **Required permissions** * [Loading Connectware’s system information](#loading-connectwares-system-information) **License** `/system/status/license` **Required permissions** * [Loading Connectware’s system information](#loading-connectwares-system-information) **Optional permissions** * [Managing Connectware’s license](#managing-connectwares-license) **Metrics** `/system/status/metrics` **Required permissions** * [Loading Connectware’s metrics](#loading-connectwares-metrics) **Optional permissions** * [Managing Connectware’s metrics](#managing-connectwares-metrics) **System Container** `/system/status/container` **Required permissions** * [Loading core containers](#loading-core-containers) **Optional permissions** * [Loading core container’s details](#loading-core-containers-details) * [Managing core containers](#managing-core-containers) **Container** `/system/status/container/:resourceId` **Required permissions** * [Loading core container’s details](#loading-core-containers-details) **Optional permissions** * [Loading logs](#loading-logs) * [Managing core containers](#managing-core-containers) **System Information** `/system/status/information` **Required permissions** * [Loading Connectware’s system information](#loading-connectwares-system-information) **Optional permissions** * [Loading services](#loading-services) #### User **Client Registry** `/user/client-registry` **Required permissions** * [Managing the client registry](#managing-the-client-registry) **User Certificates** `/user/certificates` **Required permissions** * [Managing certificates](#managing-certificates) **User Management** **Permissions** `/user/management/permissions` **Required permissions** * [Managing permissions](#managing-permissions) **Roles** `/user/management/roles` **Required permissions** * [Load configuration needed to manage users and roles](#load-configuration-needed-to-manage-users-and-roles) * [Managing roles](#managing-roles) **Users** `/user/management/users` **Required permissions** * [Load configuration needed to manage users and roles](#load-configuration-needed-to-manage-users-and-roles) * [Managing users](#managing-users) * [Retrieving CW’s password policy](#retrieving-cws-password-policy) ### Permissions Below you can find the alternative permissions that can be assigned to users and roles in order to enable them to perform actions on the Admin UI. #### Creating or updating services | Resource | Context | Operation | | ----------------- | ------- | --------- | | `/api/services/+` | `http` | `write` | | `/api/services` | `http` | `write` | #### Detecting deviations By using HTTP | Resource | Context | Operation | | ----------------- | ------- | --------- | | `/api/services/+` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Edit service templates | Resource | Context | Operation | | ------------------------ | ------- | --------- | | `/api/resources/schemas` | `http` | `read` | | `/api/validate/service` | `http` | `write` | #### Load configuration needed to manage users and roles | Resource | Context | Operation | | ---------------- | ------- | --------- | | `/api/auth/ldap` | `http` | `read` | | `/api/auth/mfa` | `http` | `read` | #### Loading agents By using HTTP | Resource | Context | Operation | | -------------------- | ------- | --------- | | `/api/system/agents` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading connection’s details By using HTTP | Resource | Context | Operation | | -------------------- | ------- | --------- | | `/api/connections/+` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading connections By using HTTP | Resource | Context | Operation | | ------------------ | ------- | --------- | | `/api/connections` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading Connectware’s metrics | Resource | Context | Operation | | ----------------------- | ------- | --------- | | `/api/system/metrics` | `http` | `read` | | `/api/system/preflight` | `http` | `read` | #### Loading Connectware’s system information | Resource | Context | Operation | | ----------------------- | ------- | --------- | | `/api/permissions` | `http` | `read` | | `/api/system/info` | `http` | `read` | | `/api/system/preflight` | `http` | `read` | #### Loading Connectware’s topics metadata | Resource | Context | Operation | | ------------- | ------- | --------- | | `/api/topics` | `http` | `read` | #### Loading core container’s details By using HTTP | Resource | Context | Operation | | -------------------------------- | ------- | --------- | | `/api/core-containers/+/inspect` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading core containers By using HTTP | Resource | Context | Operation | | ----------------------------------- | ------- | --------- | | `/api/core-containers/+/inspect` | `http` | `read` | | `/api/core-containers/orchestrator` | `http` | `read` | | `/api/core-containers` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading endpoint’s details By using HTTP | Resource | Context | Operation | | ------------------------- | ------- | --------- | | `/api/endpoints/+/topics` | `http` | `read` | | `/api/endpoints/+` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading endpoint’s state By using HTTP | Resource | Context | Operation | | ------------------------ | ------- | --------- | | `/api/endpoints/+/state` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading endpoints By using HTTP | Resource | Context | Operation | | ---------------- | ------- | --------- | | `/api/endpoints` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading logs | Resource | Context | Operation | | ----------------------------------- | ------- | --------- | | `/api/core-containers/+/logs` | `http` | `read` | | `/api/core-containers/orchestrator` | `http` | `read` | | `/api/core-containers` | `http` | `read` | | `/api/system/agents` | `http` | `read` | #### Loading mapping’s details By using HTTP | Resource | Context | Operation | | --------------------------------- | ------- | --------- | | `/api/mappings/+/endpoint-topics` | `http` | `read` | | `/api/mappings/+` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading mapping’s state By using HTTP | Resource | Context | Operation | | ----------------------- | ------- | --------- | | `/api/mappings/+/state` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading mappings By using HTTP | Resource | Context | Operation | | --------------- | ------- | --------- | | `/api/mappings` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading node’s state By using HTTP | Resource | Context | Operation | | -------------------- | ------- | --------- | | `/api/nodes/+/state` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading nodes By using HTTP | Resource | Context | Operation | | ------------ | ------- | --------- | | `/api/nodes` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading server’s details By using HTTP | Resource | Context | Operation | | ---------------- | ------- | --------- | | `/api/servers/+` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading servers By using HTTP | Resource | Context | Operation | | -------------- | ------- | --------- | | `/api/servers` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading service container’s details By using HTTP | Resource | Context | Operation | | --------------------------- | ------- | --------- | | `/api/containers/+/inspect` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading service containers By using HTTP | Resource | Context | Operation | | ------------------------------ | ------- | --------- | | `/api/containers/+/inspect` | `http` | `read` | | `/api/containers/orchestrator` | `http` | `read` | | `/api/containers` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading service’s catalog metadata | Resource | Context | Operation | | --------------------------- | ------- | --------- | | `/api/marketplace/app/meta` | `http` | `read` | | `/api/marketplace/app` | `http` | `read` | | `/api/marketplace/apps` | `http` | `read` | #### Loading service’s details By using HTTP | Resource | Context | Operation | | ------------------------------ | ------- | --------- | | `/api/services/+/dependencies` | `http` | `read` | | `/api/services/+` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading service’s Live Data | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading services By using HTTP | Resource | Context | Operation | | ----------------- | ------- | --------- | | `/api/services/+` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading volume’s details By using HTTP | Resource | Context | Operation | | ------------------------ | ------- | --------- | | `/api/volumes/+/inspect` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Loading volumes By using HTTP | Resource | Context | Operation | | -------------- | ------- | --------- | | `/api/volumes` | `http` | `read` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Managing agents | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Managing certificates | Resource | Context | Operation | | --------------------- | ------- | ----------- | | `/api/certificates/+` | `http` | `read` | | `/api/certificates` | `http` | `readWrite` | #### Managing connections By using HTTP | Resource | Context | Operation | | ------------------------------ | ------- | --------- | | `/api/connections/+/operation` | `http` | `write` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Managing Connectware’s backups | Resource | Context | Operation | | ----------------------- | ------- | ----------- | | `/api/maintenance/db/+` | `http` | `readWrite` | | `/api/maintenance/db` | `http` | `read` | #### Managing Connectware’s license | Resource | Context | Operation | | ------------------------- | ------- | --------- | | `/api/system/licensefile` | `http` | `write` | | `/api/system/refresh` | `http` | `read` | #### Managing Connectware’s metrics | Resource | Context | Operation | | --------------------- | ------- | --------- | | `/api/system/metrics` | `http` | `write` | #### Managing core containers | Resource | Context | Operation | | ---------------------------------- | ------- | --------- | | `/api/core-containers/+/operation` | `http` | `write` | #### Managing endpoints By using HTTP | Resource | Context | Operation | | ---------------------------- | ------- | --------- | | `/api/endpoints/+/operation` | `http` | `write` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Managing mappings By using HTTP | Resource | Context | Operation | | --------------------------- | ------- | --------- | | `/api/mappings/+/operation` | `http` | `write` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Managing permissions | Resource | Context | Operation | | -------------------- | ------- | --------- | | `/api/permissions/#` | `http` | `read` | #### Managing roles | Resource | Context | Operation | | -------------- | ------- | ----------- | | `/api/roles/#` | `http` | `readWrite` | | `/api/roles` | `http` | `write` | #### Managing servers By using HTTP | Resource | Context | Operation | | -------------------------- | ------- | --------- | | `/api/servers/+/operation` | `http` | `write` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Managing service containers By using HTTP | Resource | Context | Operation | | ----------------------------- | ------- | --------- | | `/api/containers/+/operation` | `http` | `write` | Or through MQTT | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Managing services | Resource | Context | Operation | | --------------------------- | ------- | --------- | | `/api/services/+/operation` | `http` | `write` | | `/api/services/+` | `http` | `write` | #### Managing the client registry | Resource | Context | Operation | | ------------------------ | ------- | ----------- | | `/api/client-registry/+` | `http` | `readWrite` | | `/api/client-registry` | `http` | `read` | #### Managing users | Resource | Context | Operation | | ---------------- | ------- | ----------- | | `/api/listUsers` | `http` | `read` | | `/api/users/#` | `http` | `readWrite` | #### Managing volumes | Resource | Context | Operation | | -------- | ------- | ----------- | | `#` | `mqtt` | `readWrite` | #### Managing your own password | Resource | Context | Operation | | ---------------------------- | ------- | --------- | | `/api/users/change-password` | `http` | `write` | #### Retrieving CW’s password policy | Resource | Context | Operation | | ---------------------- | ------- | --------- | | `/api/policy/password` | `http` | `read` | #### Subscribing to MQTT Topics | Resource | Context | Operation | | -------- | ------- | --------- | | Any | `mqtt` | `read` | #### Use Multi-factor authentication | Resource | Context | Operation | | --------------------------------- | ------- | --------- | | `/api/mfa/disable` | `http` | `write` | | `/api/mfa/enable` | `http` | `write` | | `/api/mfa/isenrolled` | `http` | `read` | | `/api/mfa/login` | `http` | `write` | | `/api/mfa/regenerate/backupcodes` | `http` | `write` | | `/api/mfa/validate` | `http` | `write` | #### Using the Rule Engine | Resource | Context | Operation | | -------------------- | ------- | --------- | | `/api/endpoints` | `http` | `read` | | `/api/rule-engine/+` | `http` | `write` | #### Using the workbench | Resource | Context | Operation | | -------------- | ------- | ----------- | | `/workbench/#` | `http` | `readWrite` | | `/workbench` | `http` | `readWrite` |