Role and Authentication

Accounts management fulfills enterprise users' multi-role management requirements, by assigning different permissions and projects to different roles. Different personnel can be invited within the enterprise to do detailed management of resources.

Subaccounts System

A subaccount is an account created by an EMQX Platform user. Subaccounts will be activated after email authentication. An EMQX Platform user account currently cannot be registered as a subaccount. On the contrary, subaccount email can be registered as an EMQX Platform user. Additionally, it can be registered as a subaccount under other EMQX Platform user account.

Subaccounts get a separate login page for subaccounts only.

Accounts Categories

Administrator：Same as the platform account, Administrator have all the access to the platform and is the super administrator in the subaccount system. It is important to note that although functionally equivalent to the platform account, the administrator still belongs to the system of subaccount.

Project Administrator：Project Administrators have permission to view and modify projects and to modify and delete deployments. Project administrator is mainly used for project deployment-related management. For example, an organization needs to have separate cluster management and designate a person as administrator for a certain project. Assigning the project administrators will give them sufficient access instead of full access to the project.

Project User：Project users have permission to view the project, and the permission to view and edit the deployment. Project users are usually business developers. In addition to viewing projects and deployment permissions, they can also view deployment details, use Data Integrations and monitoring, and further process-related business requirements.

Accountant：Accountants have financial management permissions and can view projects and deployments. They can manage the billing, balance, invoices, etc.

Auditor：Auditors can view projects, deployments, accounts, and Accountants. The audit role addresses the need for internal company audits and can have viewing permissions to various features of the platform.

Role list:

Permissions		Project Administrator	Project User	Accountant	Auditor
Deployment	View deployment list	✓	✓	✓	✓
	Create new project in the deployment list	✗	✗	✗	✗
	Edit project in the deployment list	✓	✗	✗	✗
	Delete project in the deployment list	✗	✗	✗	✗
	Create new deployments	✓	✗	✗	✗
	Move deployments to other project	✓	✗	✗	✗
	Start/Stop the deployment	✓	✗	✗	✗
	Delete deployment	✓	✗	✗	✗
	Change deployment's name	✓	✓	✗	✗
	Change to annual plan	✓	✗	✗	✗
	TLS/SSL Configuration	✓	✓	Read only	Read only
	VPC Connection Configuration	✓	✓	Read only	Read only
	REST API Configuration	✓	✓	Read only	Read only
	Certification Authentication Configuration	✓	✓	Read only	Read only
	Data Integrations Configuration	✓	✓	Read only	Read only
	Monitoring	✓	✓	Read only	Read only
	Metrics	✓	✓	✓	✓
	Logs	✓	✓	✓	✓
	Alerts	✓	✓	Read only	Read only
	Online Debugging	✓	✓	✗	✗
Subaccounts	View Subaccounts List	✗	✗	✗	✓
	Subaccounts Operation	✗	✗	✗	✗
Project Management	View project list	✓	✓	✓	✓
	Create new projects	✗	✗	✗	✗
	Delete the project	✗	✗	✗	✗
	Edit the project	✓	✗	✗	✗
	Project bind subaccounts	✗	✗	✗	✗
Billing	Billing Overview	✗	✗	✓	✓
	Change credit card info	✗	✗	✓	✗
	View Bills page	✗	✗	✓	✓
	View Charges by Services page	✗	✗	✓	✓
	View Coupons	✗	✗	✓	✓
	View Invoices	✗	✗	✓	✓
	Download Invoices	✗	✗	✓	✗
Value Added Services	View VAS List	✓	✓	✗	✗
	Enable a Service	✓	✗	✗	✗
	Service Usage	✓	✓	Read Only	Read Only
	Delete a Service	✗	✗	✗	✗
Events		✓	✓	✓	✗
Tickets		✓	✓	✓	✓