The Control Hub supports setting separate permission scopes for users (groups) and devices (groups). Although these permissions are independent, they work together in actual user management and device interaction scenarios. User (groups) permissions determine which devices can be discovered and viewed by a specific user, while device (groups) operation permissions define what actions a user or user group can perform on the visible devices.
Permissions
User Management Page Permissions
Permission Definition
Permissions configured on the user management page are designed to allow users or user groups to have specific permissions for visible (accessible) devices. These permissions include actions like viewing device basic information, managing device operational status, etc. For example, an administrator can configure a user group to have permission to view a specific device, enabling members of that group to access certain device features.
These permissions are based on device visibility. In other words, permissions configured on the user management page are effective only if the device is visible (accessible). If a device is invisible, users will not be able to operate on it, even if permissions are granted on the user management page.
Permission Scope
Different levels of users or user groups can be assigned different permission scopes. For example, advanced users may be granted full management permissions for all visible devices, including viewing devices, managing devices, approving, deleting, or denying devices, while regular users may only be allowed to view basic device status, such as whether the device is online. This differentiation of permissions based on user roles or groups helps improve system security and management efficiency.
View Group

| User Group Permissions | Device Group Visibility to User | Result |
|---|---|---|
| × | × | No device group module permissions |
| √ | × | View the device group page but not a specific device group |
| × | √ | No device group module permissions |
| √ | √ | View a specific device group |
Device Security (Visibility/Access)
Independent Configuration
Each device can independently configure its security (visibility/access) settings. This means that each device can set whether to allow access by designated users or groups based on its specific requirements or security policies. For example, an important device, due to its critical nature, may be set to allow only a specific administrator group to access it, while denying access to other users or groups. This independent configuration method gives devices the highest level of control, allowing for customized security needs for special devices.
Inherited Configuration
Devices can also inherit security (visibility/access) configurations from their device group. When a device belongs to a device group, it can either choose to be independently configured to meet its security needs or inherit the security policies set for the device group. Inheriting a group-wide security policy simplifies the configuration process, especially when devices in the group share similar security needs. For example, if a group has a security policy and the device has an independent security policy, only users who are shared by both the group and the device security policies will be allowed visibility.
Additionally, devices and device groups can inherit global security (visibility/access) configurations. However, the global configuration for the device group only applies to the device group itself. If the device has individual security settings for a user, the device's settings will not be affected by the device group's global configuration. Global settings apply to the entire system, ensuring the overall security of the network. For example, if a global security policy prohibits non-administrator users from accessing internal devices, all devices will inherit this policy unless specifically configured otherwise.
View/Operate Device

| User Group Permissions | Device Visibility to User | Result |
|---|---|---|
| × | × | No device page permissions |
| √ | × | View the device page, but no devices |
| × | √ | No device page permissions |
| √ | √ | View device page and device |
View/Operate Devices within a Device Group

| User Group Permissions | Device Group Visibility to User | Device Visibility to User | Result |
|---|---|---|---|
| × | × | × | No device group module permissions |
| √ | × | × | View the device group page but not a specific group |
| × | √ | × | No device group module permissions |
| × | × | √ | No device group module permissions |
| √ | √ | × | View a specific device group, but not the member devices |
| √ | × | √ | View the device group page but not a specific group |
| × | √ | √ | No device group module permissions |
| √ | √ | √ | View the device group and the member devices |
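The combination rules above can be checked mechanically when reviewing an access configuration. The following is an added example, not Control Hub code: it models the user-group permission, device group visibility and device visibility as three checks evaluated in that order, and applies the rule that a device with its own policy is visible only to users in both the group and the device policy. The function names, users, devices and policies are hypothetical, and global configuration is not modeled.

```python
from itertools import product

NO_MODULE = "No device group module permissions"
PAGE_ONLY = "View the device group page but not a specific group"
GROUP_ONLY = "View a specific device group, but not the member devices"
FULL = "View the device group and the member devices"

def visible_users(group_policy, device_policy=None):
    """Users allowed to see a device. device_policy=None means the device
    inherits the group policy; otherwise only users in both are allowed."""
    if device_policy is None:
        return set(group_policy)
    return set(group_policy) & set(device_policy)

def outcome(has_permission, group_visible, device_visible):
    """Result for a member device, checked in the order the tables imply."""
    if not has_permission:
        return NO_MODULE
    if not group_visible:
        return PAGE_ONLY
    if not device_visible:
        return GROUP_ONLY
    return FULL

def audit(permitted_users, users, group_policy, device_policies):
    """Return {(user, device): outcome} for every user/device pair."""
    report = {}
    for user, (device, policy) in product(users, device_policies.items()):
        report[(user, device)] = outcome(
            user in permitted_users,
            user in group_policy,
            user in visible_users(group_policy, policy),
        )
    return report

# Constructed sample data (hypothetical users, one device group, two devices).
USERS = ["alice", "bob", "carol", "dave"]
PERMITTED = {"alice", "bob", "dave"}        # hold the user-group permission
GROUP_POLICY = {"alice", "bob", "carol"}    # users who can see the device group
DEVICE_POLICIES = {"kiosk-1": None,             # inherits the group policy
                   "core-switch": {"alice"}}    # independent device policy

if __name__ == "__main__":
    for (user, device), result in audit(PERMITTED, USERS, GROUP_POLICY, DEVICE_POLICIES).items():
        print(f"{user:6} {device:12} {result}")
```

In the sample, carol can see the group but holds no permission, and dave holds the permission but cannot see the group, so neither reaches a member device.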