Role Based Access Control
Role Based Access Control allows you to assign roles to individual users in COSMOS. By default, Enterprise Edition ships with 3 built-in roles: viewer, operator, and admin. These roles are mapped to the following COSMOS permissions.
| Permission | Description | Viewer | Operator | Admin |
|---|---|---|---|---|
| cmd | Send commands | |||
| cmd_raw | Send raw commands | |||
| cmd_info | View command info | |||
| tlm | View telemetry | |||
| tlm_set | Set telemetry | |||
| script_view | View scripts | |||
| script_edit | Edit scripts | |||
| script_run | Run scripts | |||
| system | Get cmd/tlm counts, interface/router info, targets, screens, tables. Everything that doesn’t explicitly belong to another permission. | |||
| system_set | Connect and disconnect interfaces and routers | |||
| admin | Upload, install and delete plugins and gems. Execute arbitrary Redis commands. Change Admin settings. |
Note that these roles and permissions are all scoped to the current Scope. There is also a special admin role scoped to ALLSCOPES which means it can delete scopes, plugins, and gems across all scopes.