# Users In Connectware, users are a known identity (person or software/hardware agent) with associated data permissions and/or administrative access. This chapter guides you through the user management in Connectware, from creating new users to assigning permissions. Each permission represents a specific access right to a resource, whether it is an MQTT topic or an HTTP endpoint, with clearly defined read and/or write capabilities. {% hint style="info" %} Before creating individual users, establish a clear role-based access control strategy by defining roles that correspond to job functions within your organization. This approach simplifies user management and ensures consistent application of security policies. {% endhint %} During installation, Connectware creates a default administrator user to ensure immediate system access. This user is named `admin` and has the `connectware-admin` role assigned to provide comprehensive permissions. For more information, see [Default Admin User](https://docs.cybus.io/2-0-6/documentation/user-management/users/default-admin-user). ## Users View The **Users View** provides a comprehensive view of all users in Connectware, including their assigned roles and permissions. * To open the **Users View**, click **User** in the navigation panel.

## Adding New Users 1. In the **Users View**, click **Add User** to open the **Create User** dialog.

2. Do one of the following: * To add users with pre-defined roles quickly, use the [default mode](#default-mode). * To define roles and permissions more granularly, use the [advanced mode](#advanced-mode). ### Default Mode 1. In the **Create User** dialog, enter the username, password, and password confirmation. 2. Optional: To assign a set of pre-defined roles to the user, click the **Roles** field and select a role. You can repeat this step to assign multiple roles. 3. Click **Create**. The dialog will close, and the new user will appear in the overview table. ### Advanced Mode In the advanced mode, you can assign a set of pre-defined roles to the user and/or individual permissions. {% hint style="info" %} We recommend to manage permissions through roles rather than individual user permissions for easier maintenance. For more information, see [Roles](https://docs.cybus.io/2-0-6/documentation/user-management/roles). {% endhint %} 1. In the **Create User** dialog, enter the username, password, and password confirmation. 2. Activate **Advanced Mode**.

3. Optional: To assign a set of pre-defined roles to the user, click the **Roles** field, select a role, and click **Add**. You can repeat this step to assign multiple roles. 4. Optional: To assign individual permissions, click the **+** button to open the **Add Permission** dialog. * Select the permission type: **HTTP** for accessing the REST API using HTTP clients or **MQTT** for accessing MQTT topics on CybusMQ. * In the **Endpoint** field, enter the resource path, which follows MQTT topic conventions. The specified topic can be a single topic or a wildcard. HTTP permissions for the resource path follow an MQTT topic structure. This means that you can use wildcards (**#** and **+**) in valid expressions, and paths must start with a leading slash (**/**). * Select the access type: **read**, **write**, or **both**. * Click **Add** to add the permission.

5. Click **Create**. The dialog will close, and the new user will appear in the overview table. ## Deleting Users You can delete users that are no longer needed. {% hint style="warning" %} Deleting a user is permanent and cannot be undone. Before proceeding, ensure that you have backed up any important user-specific configurations or transferred necessary permissions to other users. {% endhint %} 1. In the navigation panel, click **User**. 2. In the **Users View**, click the user that you want to delete. This opens the **Edit User** dialog.

3. Click the **Delete** button in the top right of the **Edit User** dialog.

4. Click **Delete** again to confirm. The user will be deleted.

## Changing User Names 2. In the **Users View**, click the user that you want to edit. This opens the **Edit User** dialog. 3. In the **Edit User** dialog, enter a new username in the **Username** field. 4. Click **Update** to apply the changes. The dialog will close, and the username will be updated. ## Adding Roles to Users Roles provide a convenient way to assign multiple permissions at once. By adding roles to users, you can quickly grant them access to specific system functions without configuring individual permissions. {% hint style="info" %} Assign roles based on job functions or responsibilities rather than individual users to maintain consistent access control across your organization. {% endhint %} 1. In the navigation panel, click **User**. 2. In the **Users View**, click the user to whom you want to add roles. This opens the **Edit User** dialog. 3. In the **Edit User** dialog, click the **Roles** field to open the list of available roles.

4. Click the **Roles** field and select a role. You can repeat this step to assign multiple roles. 5. Click **Update**. The dialog will close and the user will be updated with the selected roles.

## Removing Roles from Users When a user's responsibilities change, you may need to remove roles from them to adjust their access permissions. {% hint style="warning" %} Removing a role removes all associated permissions from the user. {% endhint %} 1. In the navigation panel, click **User**. 2. In the **Users View**, click the user from whom you want to remove roles. This opens the **Edit User** dialog. 3. In the **Edit User** dialog, click the **x** next to the role name in the **Roles** field to remove the role.

4. Click **Update**. The dialog will close and the user will be updated.

## Assigning Permissions to Users While roles are the recommended way to manage permissions, there may be cases where you need to grant specific permissions to individual users without creating a new role. 1. In the navigation panel, click **User**. 2. In the **Users View**, click the user to whom you want to assign individual permissions. This opens the **Edit User** dialog. 3. In the **Edit User** dialog, activate **Advanced Mode**.

Activating Advanced Mode in Edit User dialog

4. To assign individual permissions, click the **+** button to open the **Add Permission** dialog. * Select the permission type: **HTTP** for accessing the REST API using HTTP clients or **MQTT** for accessing MQTT topics on CybusMQ. * In the **Endpoint** field, enter the resource path, which follows MQTT topic conventions. The specified topic can be a single topic or a wildcard. HTTP permissions for the resource path follow an MQTT topic structure. This means that you can use wildcards (**#** and **+**) in valid expressions, and paths must start with a leading slash (**/**). * Select the access type: **read**, **write**, or **both**. * Click **Add** to add the permission.

5. Click **Update**. The dialog will close, and the user will be updated with the new permissions. ## Removing Permissions from Users When specific permissions are no longer needed, you can remove them while keeping other permissions intact. {% hint style="warning" %} Removing individual permissions does not affect permissions granted through roles. To completely remove access to a resource, ensure the user doesn't have access through any assigned roles. {% endhint %} 1. In the navigation panel, click **User**. 2. In the **Users View**, click the user to whom you want to assign individual permissions. This opens the **Edit User** dialog. 3. In the **Edit User** dialog, activate **Advanced Mode**.

4. To remove a permission, click its **Remove** button in the **Action** column of the permissions list.

5. Click **Update**. The dialog will close, and the user will be updated. ## Changing User Passwords Regularly updating passwords is an important security practice. 1. In the navigation panel, click **User**. 2. In the **Users View**, click the user for whom you want to change the password. This opens the **Edit User** dialog. 3. In the **Edit User** dialog, click **Change Password**.

4. In the **Password** field, enter the new password and confirm it in the **Confirm Password** field. 5. To apply the changes, click **Update**. The dialog will close and the user will be updated with changes.