User roles and Permissions

CleverMaps is a multitenant cloud application, which means that a single instance of the application serves multiple users at the same time. Registered users have access to various projects. There can be more than one user in a project, and one user can have access to one or more projects. In the scope of a project, users can also have different user roles which describes what they are allowed to do with the project. More about this relationship in CleverMaps Platform.

User roles

There are 6 user roles in CleverMaps - Viewer, View Creator, Metadata Editor, Data Editor, Load Data and Admin and 19 permissions assigned to them.

User role	Description
Viewer	is the lowest user role available. After accepting an invitation to a project, you become a Viewer. A Viewer can open map views in a project and filter data.
View Creator	has all the permissions of Viewer role and, in addition, it is able to create/delete own project metadata of following types: `view`, `dashboard`, `marker selector`, `indicator drill`. NOTE: After creating `views` by View Creator role, these (personal saved views) are visible only to creator and are displayed in alphabetical order at the end of view list in project page in UI. In order for personal saved views to be visible for all users these views must be included in `defaultViews` list of `ProjectSettings` metadata object. Managing of `ProjectSettings` metadata object can be done only by user with Metadata Editor or Admin role. See Project settings for more details on `defaultViews` list.
Metadata Editor	has all the permissions of Viewer role and, in addition, it is able to create/update/delete all project metadata (except for `DataPermissions` metadata type), and validate the data.
Data Editor	has all the permissions of View Creator and Load Data role.
Admin	have all the permissions of the lower user roles, plus you are able to load/dump project data, invite other users into the project, and manage existing memberships. User management interface is available in the application by hovering the Account icon on the bottom left of the Project page, and selecting User management.
Load Data	is able to load and validate the project data only. Users with this role may be used for automated data upload, as an account used in a Shell script. This role is not part of the role hierarchy described above.

Permissions

Category	Permission	Viewer	View Creator	Metadata Editor	Data Editor	Admin	Load Data
project permissions	access a project
	get project detail
	delete a project
	update a project
project membership	add project membership
	list project membership
	update project membership
	delete project membership
project invitations	invite to project
	list project invitations
	update project invitation
project data	load project data
	dump project data
	validate project data
project metadata	create view
	delete own view
	create dashboard
	delete own dashboard
	create marker selector
	delete own marker selector
	create indicator drill
	delete own indicator drill
	create all metadata (except for data permissions)
	update all metadata (except for data permissions)
	delete all metadata (except for data permissions)
	update data permissions
project audit	get audit log
stories	view stories
stories	add/edit/remove stories