When an account is shared with other operators, it is possible to define and assign roles to
these operators in order to control their access rights. Each Operator can have multiple unique roles assigned to them at any one time. Roles are represented as access policies in the platform.

Roles

Roles are assigned to a user to control which sets of API operations they are granted. The operations are logically grouped and tend to map to the modules within the UI. New users are assigned a default profile of Full-Access or Read-Only, though a custom profile can be created and specific APIs selected.

Security Groups

Security Groups are the only way to restrict access to assets within the platform. Assets can easily be added or removed from a group by managing their memberships through PesrpioWeb or PerspioTalk. Security Group can then be assigned to a user, resulting in the user being restricted to only assets that are members of their assigned security groups.

🚧
Important
Client Credentials Flow will provide full access to all data in the platform, though it is restricted to read-only operations. There is no ability to configure access restrictions for this flow. It is full read-only.
Authorization Code Flow is required for any write operations and any scenario where restricted access is required. Restricted access settings are configured through PerspioWeb.