LogoLogo
Contact Uscybus.io
Connectware 1.11.0
Connectware 1.11.0
  • Getting Started
    • Introduction
    • System Requirements
    • Connectware Admin UI
    • Basic Components of Connectware
    • Connecting your First Machine
      • Your First Service Commissioning File
  • Documentation
    • Installation and Upgrades
      • Installing Connectware
        • Installing Connectware (Kubernetes)
        • Installing Connectware (Docker)
      • Upgrading Connectware
        • Upgrading Connectware (Kubernetes)
          • Version-Specific Upgrades (Kubernetes)
        • Upgrading Connectware (Docker)
          • Version-Specific Upgrades (Docker)
      • Uninstalling Connectware
        • Uninstalling Connectware (Kubernetes)
        • Uninstalling Connectware (Docker)
      • Licensing
      • Restarting Connectware
    • User Management
      • Users and Roles View
      • Users
      • Roles
      • Permissions
      • Password Policy Rules
      • Default Admin User
      • MQTT Users
      • Adding a MQTT Publish Prefix for Users
      • Multi-Factor Authentication
      • Single Sign-On (SS0)
        • Single Sign-On with Microsoft Entra ID
        • Single Sign-On with LDAP
      • JSON Web Tokens
      • Access Permissions for Admin-UI
        • UI Access
        • Minimum Access Role Pages
    • Services
      • Service Overview
      • Service Resources View
        • Service Links View
        • Servers View
        • Containers View
        • Volumes View
        • Connections View
        • Endpoints View
        • Mappings View
      • Service Details View
      • Service Commissioning Files
        • Version
        • Description
        • Metadata
        • Parameters
        • Definitions
        • Resources
          • Cybus::Connection
          • Cybus::Container
            • Docker Problem with Network Changes
          • Cybus::Endpoint
          • Cybus::File
          • Cybus::IngressRoute
          • Cybus::Link
          • Cybus:Mapping
          • Cybus::Node
          • Cybus::Role
          • Cybus::Server
          • Cybus::User
          • Cybus::Volume
      • Setting Up and Configuring Services
        • Installing Services
        • Enabling Services
        • Updating Services
        • Disabling Services
        • Deleting Services
      • FlowSync
        • Example 1 - Node with Transaction Mode (HTTP)
        • Example 2 - Node Responds (HTTP)
        • Example 3 - Node with Error (HTTP)
        • Example 4 - Node with Timeout Error Code and Error Message (HTTP)
        • Example 5 - Full Transactional Data Flow (HTTP)
        • Example 6 - Full Transactional Data Flow (OPC UA)
      • ServiceID
      • Inter-Service Referencing
      • Deviations
      • Service Logs
        • Logs of Individual Services
        • Logs of All Services
      • Rule Engine
        • Data Processing Rules
        • Rule Sandbox
      • Shared Subscriptions
        • Setting Up Shared Subscriptions
    • Agents
      • Agents View
      • Installing Agents
        • Installing Agents via Docker
        • Installing Agents via Docker Compose
        • Installing Agents via Kubernetes
        • Using Mutual TLS for Agents
      • Registering Agents in Connectware
      • Using Agents
      • Monitoring Agents
      • Agents in Kubernetes
        • Adding Agents Inside your Connectware Installation
        • Remote Agents with the connectware-agent Helm Chart
        • Kubernetes Cluster Requirements for the connectware-agent Helm Chart
        • Installing Connectware Agents using the connectware-agent Helm Chart
        • Installing Connectware Agents without a License Key Using the connectware-agent Helm Chart
        • Upgrading the connectware-agent Helm Chart
        • Uninstalling Connectware agents with the connectware-agent Helm chart
        • Configuration Principles for the connectware-agent Helm Chart
        • Configuring Agents with the connectware-agent Helm Chart
          • Configuring Target Connectware for the connectware-agent Helm Chart
          • Configuring Agent Persistence for the connectware-agent Helm Chart
          • Configuring Compute Resources for the connectware-agent Helm Chart
          • Using a Custom Image Registry for the connectware-agent Helm Chart
          • Configuring Image Pull Policy for the connectware-agent Helm Chart
          • Using Mutual Transport Layer Security (mTLS) for agents with the connectware-agent Helm chart
          • Configuring image name and version for the connectware-agent Helm chart
          • Configuring Environment Variables for the connectware-agent Helm Chart
          • Configuring Labels and Annotations for the connectware-agent Helm Chart
          • Configuring podAntiAffinity for the connectware-agent Helm Chart
          • Assigning Agents to Kubernetes Nodes for the connectware-agent Helm Chart
          • Configuring Security Context for the connectware-agent Helm Chart
          • Controlling the Name of Kubernetes Objects for the connectware-agent Helm Chart
      • Troubleshooting Agents
    • Client Registry
      • Implicit Flow
      • Explicit Flow
      • Granting Access
    • Certificates
      • Certificates View
      • Adding Certificates
      • Removing Certificates
    • Monitoring
      • Data Explorer
      • Live Data
    • Node-RED Workbench
    • System Status
      • Info
      • Metrics
      • Status
      • Retrieving More System Information
      • System Health
    • Backup and Restore
      • Volumes
      • User Database
    • CybusMQ
      • Configuring CybusMQ
    • Connectware on Kubernetes
      • Connectware Helm Chart
      • Resizing Broker Volumes in Kubernetes
      • Configuring Core Services
      • LDAP Authentication
        • Configuring LDAP Authentication
        • Enabling TLS for LDAP Authentication
        • Manual Kubernetes Secret for LDAP Authentication Bind User
        • Customizing the Search Filter for LDAP Authentication
        • Customizing the User RDN for LDAP Authentication
      • Troubleshooting Connectware on Kubernetes
    • Environment Variables
    • Industry Protocol Details
      • ADS
        • ADS Connection Properties
        • ADS Endpoint Properties
      • BACnet
        • BACnet Connection Properties
        • BACnet Endpoint Properties
      • Custom Connectors
        • Developing Custom Connectors
        • Deploying Custom Connectors
        • Using Custom Connectors
      • EtherNet/IP
        • EtherNet/Ip Connection Properties
        • EtherNet/Ip Endpoint Properties
      • FOCAS
        • FOCAS Connection Properties
        • FOCAS Endpoint Properties
      • Hottinger Baldwin Messtechnik (HBM)
        • HBM Connection Properties
        • HBM Endpoint Properties
      • Heidenhain DNC
        • Heidenhain DNC Connection Properties
        • Heidenhain DNC Endpoint Properties
      • HTTP/REST
        • HTTP/REST Connection Properties
        • HTTP/REST Endpoint Properties
      • HTTP Server/Node
        • HTTP Server Properties
        • HTTP Node Properties
      • InfluxDB
        • InfluxDB Connection Properties
        • InfluxDB Endpoint Properties
      • Kafka
        • Kafka Connection Properties
        • Kafka Endpoint Properties
      • Modbus/TCP
        • Modbus/TCP Connection Properties
        • Modbus/TCP Endpoint Properties
      • MQTT
        • MQTT Connection Properties
        • MQTT Endpoint Properties
      • MSSQL
        • Mssql Connection Properties
        • Mssql Endpoint Properties
      • OPC DA
        • OPC DA Connection Properties
        • OPC DA Endpoint Properties
      • OPC UA
        • OPC UA Client
          • OPC UA Client Connection Properties
          • OPC UA Client Endpoint Properties
        • OPC UA Server
          • OPC UA Server Properties
          • OPC UA Node Properties
        • OPC UA Object Types
        • OPC UA Server References
          • OPC UA Reference Node
          • OPC UA Object Node
      • Siemens SIMATIC S7
        • Siemens S7 Connection Properties
        • Siemens S7 Endpoint Properties
      • Shdr
        • Shdr Connection Properties
        • Shdr Endpoint Properties
      • SINUMERIK
        • SINUMERIK Connection Properties
        • SINUMERIK Endpoint Properties
      • SOPAS
        • SOPAS Connection Properties
        • SOPAS Endpoint Properties
      • SQL
        • SQL Connection Properties
        • SQL Endpoint Properties
      • Werma WIN Ethernet
        • Werma WIN Ethernet Connection Properties
        • Werma WIN Ethernet Endpoint Properties
      • Systemstate
        • Systemstate Endpoint Properties
    • API Reference
      • User Management (API)
      • Client Registry (API)
      • Services (API)
      • Resources (API)
      • System Status (API)
      • Resource Status Tracking (HTTP API)
      • Industry Protocol Details (API)
    • Changelog
Powered by GitBook
LogoLogo

Cybus

  • Terms and Condition
  • Imprint
  • Data Privacy

© Copyright 2025, Cybus GmbH

On this page
  • Pages
  • Permissions

Was this helpful?

  1. Documentation
  2. User Management
  3. Access Permissions for Admin-UI

UI Access

PreviousAccess Permissions for Admin-UINextMinimum Access Role Pages

Last updated 2 months ago

Was this helpful?

Pages

Below you can find the list of pages available on the Admin-UI along side the optional and required permissions to access them.

Data

Data Explorer

/data/explorer

Required permissions

Optional permissions

Services

Rule Sandbox

/services/rule-engine-sandbox

Required permissions

Optional permissions

Service Catalog

/services/catalog

Required permissions

Service Logs

/services/logs

Required permissions

Service Overview

/services/overview

Required permissions

Optional permissions

Edit template

/services/edit-template

Required permissions

Service Details

/services/overview/:serviceId

Required permissions

Optional permissions

  • In order to use Service`s Live Data the following permissions are required:

Connection

/services/overview/:serviceId/connections/:resourceId

Required permissions

Optional permissions

Container

/services/overview/:serviceId/containers/:resourceId

Required permissions

Optional permissions

Endpoint

/services/overview/:serviceId/endpoints/:resourceId

Required permissions

Optional permissions

Mapping

/services/overview/:serviceId/mappings/:resourceId

Required permissions

Optional permissions

Server

/services/overview/:serviceId/servers/:resourceId

Required permissions

Optional permissions

Volume

/services/overview/:serviceId/volumes/:resourceId

Required permissions

Optional permissions

Service Resources

/services/resources

Required permissions

Fulfil any of the required permissions below and Service Resources will be available

Optional permissions

Connections

/services/resources/connections

Required permissions

Optional permissions

Connection

/services/resources/connections/:resourceId

Required permissions

Optional permissions

Containers

/services/resources/containers

Required permissions

Optional permissions

Container

/services/resources/containers/:resourceId

Required permissions

Optional permissions

Endpoints

/services/resources/endpoints

Required permissions

Optional permissions

Endpoint

/services/resources/endpoints/:resourceId

Required permissions

Optional permissions

Mappings

/services/resources/mappings

Required permissions

Optional permissions

Mapping

/services/resources/mappings/:resourceId

Required permissions

Optional permissions

Servers

/services/resources/servers

Required permissions

Optional permissions

Server

/services/resources/servers/:resourceId

Required permissions

Optional permissions

Service Links

/services/resources/links

Required permissions

Optional permissions

Service Details

/services/resources/service/:resourceId

Required permissions

Optional permissions

  • In order to use Service`s Live Data the following permissions are required:

Volumes

/services/resources/volumes

Required permissions

Optional permissions

Volume

/services/resources/volumes/:resourceId

Required permissions

Optional permissions

Settings

Login

/settings/login

Optional permissions

  • In order to manage your password the following permissions are required:

System

Backup & Restore

/system/backup-and-restore

Required permissions

System Status

/system/status

Required permissions

Fulfil any of the required permissions below and System Status will be available

Optional permissions

Agents

/system/status/agents

Required permissions

Optional permissions

Internet Connectivity

/system/status/internet-connectivity

Required permissions

License

/system/status/license

Required permissions

Optional permissions

Metrics

/system/status/metrics

Required permissions

Optional permissions

System Container

/system/status/container

Required permissions

Optional permissions

Container

/system/status/container/:resourceId

Required permissions

Optional permissions

System Information

/system/status/information

Required permissions

Optional permissions

User

Client Registry

/user/client-registry

Required permissions

User Certificates

/user/certificates

Required permissions

User Management

Permissions

/user/management/permissions

Required permissions

Roles

/user/management/roles

Required permissions

Users

/user/management/users

Required permissions

Permissions

Below you can find the alternative permissions that can be assigned to users and roles in order to enable them to perform actions on the Admin UI.

Creating or updating services

Resource
Context
Operation

/api/services/+

http

write

/api/services

http

write

Detecting deviations

By using HTTP

Resource
Context
Operation

/api/services/+

http

read

/api/v2/resources/#

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

/api/v2/resources/#

http

read

Edit service templates

Resource
Context
Operation

/api/resources/schemas

http

read

/api/validate/service

http

write

Load configuration needed to manage users and roles

Resource
Context
Operation

/api/auth/ldap

http

read

/api/auth/mfa

http

read

Loading agents

By using HTTP

Resource
Context
Operation

/api/system/agents

http

read

/api/v2/resource-runners/#

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

Loading connection’s details

By using HTTP

Resource
Context
Operation

/api/connections/+

http

read

/api/v2/resources/#

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

/api/v2/resources/#

http

read

Loading connections

By using HTTP

Resource
Context
Operation

/api/connections

http

read

/api/v2/resources/#

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

/api/v2/resources/#

http

read

Loading Connectware’s metrics

Resource
Context
Operation

/api/system/metrics

http

read

/api/system/preflight

http

read

Loading Connectware’s system information

Resource
Context
Operation

/api/permissions

http

read

/api/system/info

http

read

/api/system/preflight

http

read

Loading Connectware’s topics metadata

Resource
Context
Operation

/api/topics

http

read

Loading core container’s details

By using HTTP

Resource
Context
Operation

/api/core-containers/+/inspect

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

Loading core containers

By using HTTP

Resource
Context
Operation

/api/core-containers/+/inspect

http

read

/api/core-containers/orchestrator

http

read

/api/core-containers

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

Loading endpoint’s details

By using HTTP

Resource
Context
Operation

/api/endpoints/+/topics

http

read

/api/endpoints/+

http

read

/api/v2/resources/#

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

/api/v2/resources/#

http

read

Loading endpoint’s state

By using HTTP

Resource
Context
Operation

/api/v2/resources/#

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

/api/v2/resources/#

http

read

Loading endpoints

By using HTTP

Resource
Context
Operation

/api/endpoints

http

read

/api/v2/resources/#

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

/api/v2/resources/#

http

read

Loading logs

Resource
Context
Operation

/api/core-containers/+/logs

http

read

/api/core-containers/orchestrator

http

read

/api/core-containers

http

read

/api/system/agents

http

read

Loading mapping’s details

By using HTTP

Resource
Context
Operation

/api/mappings/+/endpoint-topics

http

read

/api/mappings/+

http

read

/api/v2/resources/#

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

/api/v2/resources/#

http

read

Loading mapping’s state

By using HTTP

Resource
Context
Operation

/api/v2/resources/#

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

/api/v2/resources/#

http

read

Loading mappings

By using HTTP

Resource
Context
Operation

/api/mappings

http

read

/api/v2/resources/#

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

/api/v2/resources/#

http

read

Loading node’s state

By using HTTP

Resource
Context
Operation

/api/v2/resources/#

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

/api/v2/resources/#

http

read

Loading nodes

By using HTTP

Resource
Context
Operation

/api/nodes

http

read

/api/v2/resources/#

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

/api/v2/resources/#

http

read

Loading server’s details

By using HTTP

Resource
Context
Operation

/api/servers/+

http

read

/api/v2/resources/#

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

/api/v2/resources/#

http

read

Loading servers

By using HTTP

Resource
Context
Operation

/api/servers

http

read

/api/v2/resources/#

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

/api/v2/resources/#

http

read

Loading service container’s details

By using HTTP

Resource
Context
Operation

/api/containers/+/inspect

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

Loading service containers

By using HTTP

Resource
Context
Operation

/api/containers/+/inspect

http

read

/api/containers/orchestrator

http

read

/api/containers

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

Loading service’s catalog metadata

Resource
Context
Operation

/api/marketplace/app/meta

http

read

/api/marketplace/app

http

read

/api/marketplace/apps

http

read

Loading service’s details

By using HTTP

Resource
Context
Operation

/api/services/+/dependencies

http

read

/api/services/+

http

read

/api/v2/resources/#

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

/api/v2/resources/#

http

read

Loading service’s Live Data

Resource
Context
Operation

#

mqtt

readWrite

/api/v2/resources/#

http

read

Loading services

By using HTTP

Resource
Context
Operation

/api/services/+

http

read

/api/v2/resources/#

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

/api/v2/resources/#

http

read

Loading volume’s details

By using HTTP

Resource
Context
Operation

/api/volumes/+/inspect

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

Loading volumes

By using HTTP

Resource
Context
Operation

/api/volumes

http

read

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

Managing agents

Resource
Context
Operation

/api/resources/runners/+

http

write

Managing certificates

Resource
Context
Operation

/api/certificates/+

http

read

/api/certificates

http

readWrite

Managing connections

By using HTTP

Resource
Context
Operation

/api/connections/+/operation

http

write

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

Managing Connectware’s backups

Resource
Context
Operation

/api/maintenance/db/+

http

readWrite

/api/maintenance/db

http

read

Managing Connectware’s license

Resource
Context
Operation

/api/system/licensefile

http

write

/api/system/refresh

http

read

Managing Connectware’s metrics

Resource
Context
Operation

/api/system/metrics

http

write

Managing core containers

Resource
Context
Operation

/api/core-containers/+/operation

http

write

Managing endpoints

By using HTTP

Resource
Context
Operation

/api/endpoints/+/operation

http

write

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

Managing mappings

By using HTTP

Resource
Context
Operation

/api/mappings/+/operation

http

write

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

Managing permissions

Resource
Context
Operation

/api/permissions/#

http

read

Managing roles

Resource
Context
Operation

/api/roles/#

http

readWrite

/api/roles

http

write

Managing servers

By using HTTP

Resource
Context
Operation

/api/servers/+/operation

http

write

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

Managing service containers

By using HTTP

Resource
Context
Operation

/api/containers/+/operation

http

write

Or through MQTT

Resource
Context
Operation

#

mqtt

readWrite

Managing services

Resource
Context
Operation

/api/services/+/operation

http

write

/api/services/+

http

write

Managing the client registry

Resource
Context
Operation

/api/client-registry/+

http

readWrite

/api/client-registry

http

read

Managing users

Resource
Context
Operation

/api/listUsers

http

read

/api/users/#

http

readWrite

Managing volumes

Resource
Context
Operation

#

mqtt

readWrite

Managing your own password

Resource
Context
Operation

/api/users/change-password

http

write

Retrieving CW’s password policy

Resource
Context
Operation

/api/policy/password

http

read

Subscribing to MQTT Topics

Resource
Context
Operation

Any

mqtt

read

Use Multi-factor authentication

Resource
Context
Operation

/api/mfa/disable

http

write

/api/mfa/enable

http

write

/api/mfa/isenrolled

http

read

/api/mfa/login

http

write

/api/mfa/regenerate/backupcodes

http

write

/api/mfa/validate

http

write

Using the Rule Engine

Resource
Context
Operation

/api/endpoints

http

read

/api/rule-engine/+

http

write

Using the workbench

Resource
Context
Operation

/workbench/#

http

readWrite

/workbench

http

readWrite

Loading endpoint’s state
Loading mapping’s state
Loading node’s state
Subscribing to MQTT Topics
Loading Connectware’s topics metadata
Subscribing to MQTT Topics
Using the Rule Engine
Loading Connectware’s topics metadata
Creating or updating services
Loading service’s catalog metadata
Loading logs
Loading services
Creating or updating services
Loading service’s details
Managing services
Edit service templates
Loading service’s details
Loading service’s Live Data
Subscribing to MQTT Topics
Creating or updating services
Loading connections
Loading endpoints
Loading logs
Loading mappings
Loading servers
Loading service containers
Loading volumes
Managing services
Loading connection’s details
Loading logs
Managing connections
Loading service container’s details
Loading logs
Managing service containers
Loading endpoint’s details
Loading logs
Managing endpoints
Loading mapping’s details
Loading logs
Managing mappings
Subscribing to MQTT Topics
Loading server’s details
Loading logs
Loading nodes
Managing servers
Loading volume’s details
Loading logs
Managing volumes
Loading connections
Loading endpoints
Loading mappings
Loading servers
Loading service containers
Loading services
Loading volumes
Loading connection’s details
Loading endpoint’s details
Loading mapping’s details
Loading server’s details
Loading service container’s details
Loading service’s details
Loading volume’s details
Managing connections
Managing endpoints
Managing mappings
Managing servers
Managing service containers
Managing volumes
Loading connections
Loading connection’s details
Managing connections
Loading connection’s details
Loading logs
Managing connections
Loading service containers
Loading service container’s details
Managing service containers
Loading service container’s details
Loading logs
Managing service containers
Loading endpoints
Loading endpoint’s details
Managing endpoints
Loading endpoint’s details
Loading logs
Managing endpoints
Loading mappings
Loading mapping’s details
Managing mappings
Loading mapping’s details
Loading logs
Managing mappings
Subscribing to MQTT Topics
Loading servers
Loading server’s details
Managing servers
Loading server’s details
Loading logs
Loading nodes
Managing servers
Loading services
Loading service’s details
Loading service’s details
Loading service’s Live Data
Subscribing to MQTT Topics
Creating or updating services
Loading connections
Loading endpoints
Loading logs
Loading mappings
Loading servers
Loading service containers
Loading volumes
Managing services
Loading volumes
Loading volume’s details
Managing volumes
Loading volume’s details
Loading logs
Managing volumes
Managing your own password
Retrieving CW’s password policy
Use Multi-factor authentication
Managing Connectware’s backups
Loading Connectware’s metrics
Loading Connectware’s system information
Loading agents
Loading core containers
Loading core container’s details
Loading services
Managing Connectware’s license
Managing Connectware’s metrics
Managing agents
Managing core containers
Loading agents
Managing agents
Loading Connectware’s system information
Loading Connectware’s system information
Managing Connectware’s license
Loading Connectware’s metrics
Managing Connectware’s metrics
Loading core containers
Loading core container’s details
Managing core containers
Loading core container’s details
Loading logs
Managing core containers
Loading Connectware’s system information
Loading services
Managing the client registry
Managing certificates
Managing permissions
Load configuration needed to manage users and roles
Managing roles
Load configuration needed to manage users and roles
Managing users
Retrieving CW’s password policy