DeviceBoard – Hub Administration Guide for Managing Hub Users
DeviceBoard – Hub Administration Guide for Managing Hub Users
DeviceBoard – Hub Administration Guide for Managing Hub Users
This guide explains how a Hub Admin can configure multi-level access control for Hub Users using:
- Device Groups
- Asset Groups
- User Roles (RBAC)
- Operational Permissions (ABAC)
The goal is to help administrators precisely control which devices/assets a user can view and what functionality they can operate inside DeviceBoard.
1. Understanding the Hub Structure in DeviceBoard
A Hub is the highest-level organizational boundary in DeviceBoard.
Everything inside a Hub—devices, assets, users, dashboards, AI models, and workflows—belongs to that Hub.
A Hub Admin is the highest-privileged user inside a Hub.
The Hub Admin can:
- Create and manage device models
- Create devices and device groups
- Create assets and asset groups
- Create and configure User Roles (RBAC + ABAC)
- Create and manage Hub Users
- Configure visibility, permissions, and operational capabilities
- Audit user activity
This guide focuses specifically on managing Hub Users through RBAC/ABAC and grouping models.
2. Access Control in DeviceBoard (RBAC + ABAC)
Role-Based Access Control (RBAC)
Defines which application modules a user can access.
Examples:
- Dashboard module
- Device management
- Asset management
- RulesFlow editor
- Alarm & Notification center
- AI Model Training
- Secure Device Firmware updates
- Reports
- Admin settings
Attribute-Based Access Control (ABAC)
Defines what operations the user is allowed to perform inside those modules.
Examples:
- View device telemetry
- Write device commands
- Edit device attributes
- Create/clear alarms
- Acknowledge alarms
- Manage reports
- Start/stop AI model training
- Edit dashboards
- Manage asset attributes
- Execute bulk operations
ABAC is fine-grained and applies at the functionality level.
3. Device Groups and Asset Groups
Device Groups
A Device Group is a logical set of devices, which may come from multiple Device Models.
When are device groups useful?
- Regional clusters (e.g., “North Zone Devices”)
- Department-based grouping (e.g., “Factory Temperature Sensors”)
- Customer segmentation (e.g., “Premium Clients Devices”)
- Role-based access (e.g., “Technician Devices Group”)
Users only see telemetry, alarms, analytics, dashboards, and reports related to the devices assigned via groups.
Asset Groups
Similar to Device Groups, but for Assets.
Use cases:
- Grouping buildings, floors, rooms
- Grouping machines and industrial equipment
- Grouping logical containers (e.g., “Cooling Towers”)
Hub Users only see assets within their assigned Asset Groups.
4. User Roles – Defining RBAC & ABAC
RBAC – Application Module Access
Defines which application modules a user can access.
Example permissions:
- Can access Dashboard
- Can access Device Module
- Can access RulesFlow
- Can access Alarms
- Can access Notifications
- Can access AI Training module
ABAC – Operational Rights
Defines what operations the user is allowed to perform.
Example permissions:
- Can edit devices
- Can send commands to devices
- Can view or modify attributes
- Can acknowledge alarms
- Can modify dashboards
- Can run AI inference manually
- Can manage reports
A role may contain both RBAC and ABAC policies together.
5. Hub User = Device Group Assignment + Asset Group Assignment + Role Assignment
A Hub User gains effective permissions based on three elements:
- Device Group(s) – Which devices the user can see
- Asset Group(s) – Which assets the user can see
- User Role(s) – What modules and operations the user can perform
The Hub Admin may assign:
- One or multiple Device Groups
- One or multiple Asset Groups
- One or multiple Roles per user
This enables extremely flexible access control.
6. Step-by-Step: How a Hub Admin Manages Hub Users
6.1 Creating a Device Group
Go to Device Groups
Hub Admin → Devices → Device Groups
Click “Create Device Group”
Configure Device Group
- Name (e.g., “Zone A Equipment”)
- Description (optional)
Add Devices
- Any Device Model
- Search by name
- Bulk selection supported
Save
The device group is now available for user assignment.
6.2 Creating an Asset Group
Hub Admin → Assets → Asset Groups → Create
Select assets from multiple Asset Models.
6.3 Creating a User Role (RBAC + ABAC)
Hub Admin → Settings → User Roles
6.4 Creating a Hub User
Hub Admin → Users → Create User
7. Effective Permission Model (Example)
Example Hub User: Technician A
Assigned:
- Device Group: “Factory Floor Devices”
- Asset Group: “Factory Area Assets”
- Role: “Technician Role” (RBAC + ABAC)
Technician A cannot:
- Access devices outside assigned group
- Edit dashboards
- Train AI models
- Access system-wide settings
8. Managing Existing Hub Users
8.1 Editing User Access
- Device groups
- Asset groups
- User roles
- Login status (active / inactive)
8.2 Suspending a User
Temporarily disable user access without deleting user data or assignments.
8.3 Resetting Password
Send a password reset link or manually set new credentials for the user.
8.4 Auditing User Activity
- Login logs
- Alarm acknowledgments
- Device command history
- Dashboard edits
- Model training actions
9. Access Control Strategy for Large Hubs
9.1 Create Standard Roles
- Viewer
- Technician
- Supervisor
- Admin Assistant
- AI Analyst
- Operational Manager
9.2 Use Device Groups
- Regions
- Departments
- Customers
- Projects
- Facility zones
9.3 Minimize Per-User Configuration
Use reusable Groups, Roles, and Templates.
9.4 Avoid Overlapping Permissions
Too many overlapping roles may complicate debugging.
10. FAQ for Hub Admins
Yes. The user will get visibility to all devices across assigned groups.
Yes. Permissions are merged across roles.
DeviceBoard uses a union model — if any role grants permission, the user gets it.
- Show blank
- Or hide automatically
ABAC lets you disable actions like sending commands, clearing alarms, and editing device attributes without restricting module visibility.
11. Summary
DeviceBoard gives Hub Admins complete control over user access using:
- Device Groups – control what DATA a user sees
- Asset Groups – control which ASSETS are visible
- User Roles (RBAC) – control which MODULES user can open
- ABAC Permissions – control what ACTIONS the user can perform
Combined, these tools allow DeviceBoard to support:
- Large enterprises
- Distributed teams
- Multi-region management
- Multi-tenant style segmentation
- High-security operational boundaries