# Users In Connectware, users are a known identity (person or software/hardware agent) with associated data permissions and/or administrative access. This chapter guides you through the user management in Connectware, from creating new users to assigning permissions. Each permission represents a specific access right to a resource, whether it is an MQTT topic or an HTTP endpoint, with clearly defined read and/or write capabilities. {% hint style="info" %} Before creating individual users, establish a clear role-based access control strategy by defining roles that correspond to job functions within your organization. This approach simplifies user management and ensures consistent application of security policies. {% endhint %} During installation, Connectware creates a default administrator user to ensure immediate system access. This user is named `admin` and has the `connectware-admin` role assigned to provide comprehensive permissions. For more information, see [Default Admin User](https://docs.cybus.io/documentation/user-management/users/default-admin-user). ## Users View The **Users View** provides a comprehensive view of all users in Connectware, including their assigned roles and permissions. * To open the **Users View**, click **User** in the navigation panel.

## Adding New Users 1. In the **Users View**, click **Add User** to open the **Create User** dialog.

2. Do one of the following: * To add users with pre-defined roles quickly, use the [default mode](#default-mode). * To define roles and permissions more granularly, use the [advanced mode](#advanced-mode). ### Default Mode 1. In the **Create User** dialog, enter the username, password, and password confirmation. 2. Optional: To assign a set of pre-defined roles to the user, click the **Roles** field and select a role. You can repeat this step to assign multiple roles. 3. Click **Create**. The dialog will close, and the new user will appear in the overview table. ### Advanced Mode In the advanced mode, you can assign a set of pre-defined roles to the user and/or individual permissions. {% hint style="info" %} We recommend to manage permissions through roles rather than individual user permissions for easier maintenance. For more information, see [Roles](https://docs.cybus.io/documentation/user-management/roles). {% endhint %} 1. In the **Create User** dialog, enter the username, password, and password confirmation. 2. Activate **Advanced Mode**.

3. Optional: To assign a set of pre-defined roles to the user, click the **Roles** field, select a role, and click **Add**. You can repeat this step to assign multiple roles. 4. Optional: To assign individual permissions, click the **+** button to open the **Add Permission** dialog. * Select the permission type: **HTTP** for accessing the REST API using HTTP clients or **MQTT** for accessing MQTT topics on CybusMQ. * In the **Endpoint** field, enter the resource path, which follows MQTT topic conventions. The specified topic can be a single topic or a wildcard. HTTP permissions for the resource path follow an MQTT topic structure. This means that you can use wildcards (**#** and **+**) in valid expressions, and paths must start with a leading slash (**/**). * Select the access type: **read**, **write**, or **both**. * Click **Add** to add the permission.

5. Click **Create**. The dialog will close, and the new user will appear in the overview table. ## Deleting Users You can delete users that are no longer needed. {% hint style="warning" %} Deleting a user is permanent and cannot be undone. Before proceeding, ensure that you have backed up any important user-specific configurations or transferred necessary permissions to other users. {% endhint %} 1. In the navigation panel, click **User**. 2. In the **Users View**, click the user that you want to delete. This opens the **Edit User** dialog.

3. Click the **Delete** button in the top right of the **Edit User** dialog.

4. Click **Delete** again to confirm. The user will be deleted.

## Changing Usernames 1. In the **Users View**, click the user that you want to edit. This opens the **Edit User** dialog. 2. In the **Edit User** dialog, enter a new username in the **Username** field. 3. Click **Update** to apply the changes. The dialog will close, and the username will be updated. ## Adding Roles to Users Roles provide a convenient way to assign multiple permissions at once. By adding roles to users, you can quickly grant them access to specific system functions without configuring individual permissions. {% hint style="info" %} Assign roles based on job functions or responsibilities rather than individual users to maintain consistent access control across your organization. {% endhint %} 1. In the navigation panel, click **User**. 2. In the **Users View**, click the user to whom you want to add roles. This opens the **Edit User** dialog. 3. In the **Edit User** dialog, click the **Roles** field to open the list of available roles.

4. Click the **Roles** field and select a role. You can repeat this step to assign multiple roles. 5. Click **Update**. The dialog will close and the user will be updated with the selected roles.

## Removing Roles from Users When a user's responsibilities change, you may need to remove roles from them to adjust their access permissions. {% hint style="warning" %} Removing a role removes all associated permissions from the user. {% endhint %} 1. In the navigation panel, click **User**. 2. In the **Users View**, click the user from whom you want to remove roles. This opens the **Edit User** dialog. 3. In the **Edit User** dialog, click the **x** next to the role name in the **Roles** field to remove the role.

4. Click **Update**. The dialog will close and the user will be updated.

## Assigning Permissions to Users While roles are the recommended way to manage permissions, there may be cases where you need to grant specific permissions to individual users without creating a new role. 1. In the navigation panel, click **User**. 2. In the **Users View**, click the user to whom you want to assign individual permissions. This opens the **Edit User** dialog. 3. In the **Edit User** dialog, activate **Advanced Mode**.

Activating Advanced Mode in Edit User dialog

4. To assign individual permissions, click the **+** button to open the **Add Permission** dialog. * Select the permission type: **HTTP** for accessing the REST API using HTTP clients or **MQTT** for accessing MQTT topics on CybusMQ. * In the **Endpoint** field, enter the resource path, which follows MQTT topic conventions. The specified topic can be a single topic or a wildcard. HTTP permissions for the resource path follow an MQTT topic structure. This means that you can use wildcards (**#** and **+**) in valid expressions, and paths must start with a leading slash (**/**). * Select the access type: **read**, **write**, or **both**. * Click **Add** to add the permission.

5. Click **Update**. The dialog will close, and the user will be updated with the new permissions. ## Removing Permissions from Users When specific permissions are no longer needed, you can remove them while keeping other permissions intact. {% hint style="warning" %} Removing individual permissions does not affect permissions granted through roles. To completely remove access to a resource, ensure the user doesn't have access through any assigned roles. {% endhint %} 1. In the navigation panel, click **User**. 2. In the **Users View**, click the user to whom you want to assign individual permissions. This opens the **Edit User** dialog. 3. In the **Edit User** dialog, activate **Advanced Mode**.

4. To remove a permission, click its **Remove** button in the **Action** column of the permissions list.

5. Click **Update**. The dialog will close, and the user will be updated. ## Changing User Passwords Regularly updating passwords is an important security practice. 1. In the navigation panel, click **User**. 2. In the **Users View**, click the user for whom you want to change the password. This opens the **Edit User** dialog. 3. In the **Edit User** dialog, click **Change Password**.

4. In the **Password** field, enter the new password and confirm it in the **Confirm Password** field. 5. To apply the changes, click **Update**. The dialog will close and the user will be updated with changes.

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.cybus.io/documentation/user-management/users.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.