Resource
Resource is a generic term for any object that can be managed in Seer. Seer has a role-based access control system in which each role has one defined permission level. The permission level determines what actions a user can perform on a resource.
Roles and Permission Levels
| Roles | Permission Level | Description |
|---|---|---|
| System Admin | LV1 | Full access to all resources and actions. (Platform-internal use only, not for customers.) |
| Workspace Admin | LV2 | Full access to resources and actions within the workspace. |
| Group Admin | LV3 | Full access to resources and actions within the group. |
| User | LV4 | Some limited access to resources and actions. |
| Guest | LV5 | More limited access to resources and actions. |
Resource Hierarchy
Resources are organized in a hierarchy. A workspace can have multiple groups, zones, and devices. A zone can have multiple sub-zones and devices.
A user can only access the resources under the workspace or group that they belong to.
IAM Hierarchy
The Seer IAM service implements a hierarchical access control system with the following structure:
Description of Resources:
- Workspace: Top-level organizational unit that groups related resources and users
- Groups: Collections of users within a workspace that share common roles and permissions
- Profiles: Individual user accounts that can belong to multiple workspaces and groups
- Roles: Sets of permissions assigned to users, associated with specific groups
- Permissions: Fine-grained access controls that define what actions can be performed
Relationship Explanation:
- Workspace ↔ Profiles: Many-to-many relationship - workspaces can have many profiles (users), and profiles can belong to multiple workspaces
- Profiles → Groups: Profiles can belong to multiple groups within their workspaces
- Profiles → Roles: Profiles can have multiple roles across different groups
Action Matrix
| Action | Workspace Admin (LV2) | Group Admin (LV3) | User (LV4) | Guest (LV5) |
|---|---|---|---|---|
| Create Workspace | ❌ | ❌ | ❌ | ❌ |
| Update Workspace | ✔ | ❌ | ❌ | ❌ |
| Delete Workspace | ❌ | ❌ | ❌ | ❌ |
| Manage Workspace Application | ✔ | ❌ | ❌ | ❌ |
| Manage Workspace Users | ✔ | ❌ | ❌ | ❌ |
| Manage Workspace Devices | ✔ | ❌ | ❌ | ❌ |
| Create Group | ✔ | ❌ | ❌ | ❌ |
| Update Group | ✔ | ✔ | ❌ | ❌ |
| Delete Group | ✔ | ❌ | ❌ | ❌ |
| Manage Group Application | ✔ | ❌ | ❌ | ❌ |
| Manage Group Zones | ✔ | ✔ | ❌ | ❌ |
| Manage Group Users | ✔ | ✔ | ❌ | ❌ |
| Manage Group Devices | ✔ | ✔ | ❌ | ❌ |
| Use Group Devices | ✔ | ✔ | ✔ | ❌ |
| View Group Users | ✔ | ✔ | ✔ | ✔ |
| View Group Devices | ✔ | ✔ | ✔ | ✔ |
| View Group Zones | ✔ | ✔ | ✔ | ✔ |
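The matrix and the scoping rule above can be combined into a single deny-by-default check. The following is an added example, not Seer's own code: `Grant`, `in_scope`, `is_allowed` and the workspace/group identifiers are hypothetical, and it assumes a Workspace Admin role covers every group inside its workspace. Each grant is evaluated against its own scope, so a high level in one group never carries over to another.

```python
from dataclasses import dataclass
from typing import Optional

# Weakest permission level (largest LV number) allowed per action, transcribed
# from the Action Matrix. Rows with no tick are left to LV1 (System Admin),
# which the roles table describes as having full access.
MIN_LEVEL = {
    "Create Workspace": 1, "Update Workspace": 2, "Delete Workspace": 1,
    "Manage Workspace Application": 2, "Manage Workspace Users": 2,
    "Manage Workspace Devices": 2, "Create Group": 2, "Update Group": 3,
    "Delete Group": 2, "Manage Group Application": 2, "Manage Group Zones": 3,
    "Manage Group Users": 3, "Manage Group Devices": 3, "Use Group Devices": 4,
    "View Group Users": 5, "View Group Devices": 5, "View Group Zones": 5,
}

@dataclass(frozen=True)
class Grant:
    """Hypothetical record: one role held by a profile, with its scope."""
    level: int                       # 1..5, i.e. LV1..LV5
    workspace: Optional[str] = None  # None only for LV1 (platform-wide)
    group: Optional[str] = None      # set for group-scoped roles (LV3..LV5)

def in_scope(grant: Grant, workspace: str, group: Optional[str]) -> bool:
    if grant.level == 1:
        return True                  # System Admin: all resources
    if grant.workspace != workspace:
        return False                 # never cross a workspace boundary
    if grant.level == 2:
        return True                  # Workspace Admin: whole workspace (assumed)
    # LV3..LV5 apply only inside the group the role is attached to.
    return group is not None and grant.group == group

def is_allowed(grants, action: str, workspace: str,
               group: Optional[str] = None) -> bool:
    required = MIN_LEVEL.get(action)
    if required is None:
        return False                 # unknown action: deny by default
    # A grant counts only if it is strong enough AND scoped to the target.
    return any(g.level <= required and in_scope(g, workspace, group)
               for g in grants)

# Constructed sample: Group Admin of g1 and Guest of g2, both in workspace ws-a.
alice = [Grant(3, "ws-a", "g1"), Grant(5, "ws-a", "g2")]
```

With the constructed `alice` profile, `Manage Group Devices` is allowed on `g1` but denied on `g2`, where she is only a Guest.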