Role Based Access Control

Role Based Access Control allows you to assign roles to individual users in COSMOS. By default, Enterprise Edition ships with 3 built-in roles: viewer, operator, and admin. These roles are mapped to the following COSMOS permissions.

Permission Description Viewer Operator Admin
cmd Send commands    
cmd_raw Send raw commands    
cmd_info View command info
tlm View telemetry
tlm_set Set telemetry    
script_view View scripts
script_edit Edit scripts  
script_run Run scripts    
system Get cmd/tlm counts, interface/router info, targets, screens, tables. Everything that doesn’t explicitly belong to another permission.
system_set Connect and disconnect interfaces and routers
admin Upload, install and delete plugins and gems. Execute arbitrary Redis commands. Change Admin settings.    

Note that these roles and permissions are all scoped to the current Scope. There is also a special admin role scoped to ALLSCOPES which means it can delete scopes, plugins, and gems across all scopes.