Roles & Access
Fleet Manager is multi-tenant. What you can see and do is governed by two things:
- Your role inside the current tenant (organization) —
admin,operator, orviewer. - Any system role you hold across the whole platform —
SUPERUSERorSUPPORT.
The sidebar only shows the modules your role can use, so two people signed into the same tenant may see different menus.
Tenant roles
Section titled “Tenant roles”Every member of a tenant has exactly one of these roles:
| Role | In a nutshell |
|---|---|
| admin | Full control of the tenant — everything below, plus users, API keys, settings |
| operator | Day-to-day operations — manage devices, deployments, groups, registries |
| viewer | Read-only — see devices, groups, applications, and deployments |
What each role can do
Section titled “What each role can do”“Edit” means create and update; “Manage” additionally means delete. A blank cell means the module is not shown to that role.
| Area | viewer | operator | admin |
|---|---|---|---|
| Dashboard | View | View | View |
| Devices | View | Edit | Manage |
| Groups | View | Edit | Manage |
| Applications | View | View | Manage |
| Deployments | View | Edit + roll out | Manage + approve |
| Repositories (Git/OCI) | — | Edit | Manage |
| Certificates | — | View | Manage |
| Users | — | View | Manage |
| API Keys | — | — | Manage |
| Audit Logs | — | View | View |
| Settings (tenant) | — | — | Manage |
| Profile (your own) | Yes | Yes | Yes |
Notes:
- Deployments: operators can create and roll out deployments; approving a deployment (where approval is required) is an admin capability.
- Viewers see only Dashboard, Devices, Groups, Applications, Deployments, and their own Profile. Repositories, Certificates, Users, API Keys, and Audit Logs are hidden for viewers.
- API Keys are administered from Settings → Security and are available to admins only.
System roles
Section titled “System roles”System roles are granted at the platform level and apply across every tenant.
| System role | What it grants |
|---|---|
| SUPERUSER | Cross-tenant administration: act in any organization, create and administer tenants, switch tenant context. Bypasses tenant role checks. |
| SUPPORT | Elevated access for support and troubleshooting, similar in spirit to SUPERUSER. |
A superadmin (SUPERUSER) sees the Tenants module and can switch between organizations. Tenant switches are recorded in the audit log.
How roles map to the menu
Section titled “How roles map to the menu”- Everyone sees Dashboard, Devices, Groups, Applications, Deployments, and their Profile.
- Repositories, Certificates, Users, Audit Logs appear for admins and operators.
- API Keys and tenant Settings appear for admins.
- Tenants appears only if you belong to more than one tenant or hold a system role.
See each module guide for the exact actions available on that page.