EMQX Platform Docs

English

简体中文

English

简体中文

Appearance

Contact Us

Roles and Permissions

Accounts management fulfills enterprise users' multi-role management requirements, by assigning different permissions and projects to different roles. Different personnel can be invited within the enterprise to do detailed management of resources.

Subaccounts System

A subaccount is an account created by an EMQX Platform user. Subaccounts will be activated after email authentication. An EMQX Platform user account currently cannot be registered as a subaccount. On the contrary, subaccount email can be registered as an EMQX Platform user. Additionally, it can be registered as a subaccount under other EMQX Platform user account.

Subaccounts get a separate login page for subaccounts only.

default_project

Accounts Categories

Administrator: Same as the platform account; Administrators have all the access to the platform and is the super administrator in the subaccount system. It is important to note that although functionally equivalent to the platform account, the administrator still belongs to the system of subaccount.

Project Administrator: Project Administrators have permission to view and modify projects and to modify and delete deployments. Project administrator is mainly used for project deployment-related management. For example, an organization needs to have separate cluster management and designate a person as administrator for a certain project. Assigning the project administrators will give them sufficient access instead of full access to the project.

Project User: Project users have permission to view the project, and the permission to view and edit the deployment. Project users are usually business developers. In addition to viewing projects and deployment permissions, they can also view deployment details, use Data Integrations and monitoring, and further process-related business requirements.

Accountant: Accountants have financial management permissions and can view projects and deployments. They can manage the billing, balance, invoices, etc.

Auditor: Auditors can view projects, deployments, accounts, and Accountants. The audit role addresses the need for internal company audits and can have viewing permissions to various features of the platform.

Role Permission List

Note: (Allow), (Deny), Read only (View only)

PermissionsProject AdministratorProject UserAccountantAuditor
DeploymentView deployment list
View deployment details (all features within deployments)
Create new deployments
Move deployments to other projects
Start/Stop the deployment
Delete deployment
Change deployment's name
Change deployment tiers
Change spend limit for Serverless
Update BYOC license
Ports management
TLS/SSL configurationRead onlyRead only
Deployment API keyRead onlyRead only
VPC/PrivateLink configurationRead onlyRead only
NAT gateway/Internal endpoint configurationRead onlyRead onlyRead only
Access control configurationRead onlyRead only
Monitor managementRead onlyRead only
Data integration configurationRead onlyRead only
Cluster linking configuration (Premium)Read onlyRead only
Gateway configurationRead onlyRead only
Logs
View event history (Premium)
Online test
Streaming (Premium)View overview
Streams managementRead onlyRead only
View consumer groups
Access control configurationRead onlyRead only
SubaccountsView subaccounts list
Subaccounts operation
Project ManagementView project list✓ (authorized projects only)✓ (authorized projects only)
Create new projects
Delete project
Edit project name and note
Project bind subaccounts
BillingBilling overview
Change payment info
View bills page
View charges by services page
View coupons
View invoices
Download invoices
Subscription renewal
Audit Logs
Platform API keyView platform API key
Manage platform API key
Tickets