What is RBAC?
Role-Based Access Control (RBAC) is the way the platform manages who can see and do what.
Instead of giving individual permissions to each user, you assign a role that comes with a predefined set of permissions. This makes access management:
More secure – users only see data and features that match their responsibilities.
Easier to manage – especially when people join, change roles, or leave.
Consistent – the same role always means the same access level.
The RBAC model follows your organisational structure:
Partner – your organisation as a partner of the platform provider
Customer – customers managed under a partner
Environment (EMS Location) – single live EMS locations belonging to a customer
RBAC hierarchy
The RBAC system is organised into three tiers:
Partner level
Represents partner organisations that work directly with the platform provider.Customer level
Represents customers that are managed under a specific partner.Environment (EMS location) level
Represents individual EMS locations (live sites) assigned to a customer.
Each level has its own set of roles, designed for typical responsibilities at that level.
Partner-level roles
Partner-level roles apply across all customers under a specific partner.
Partner Admin
Full administrative rights across all customers under the partner.
Can:
Add, remove, and manage users.
Assign and change roles.
Adjust access rights for any customer or location in the partner scope.
Best for: Platform administrators at the partner organisation.
Partner User
Full access to all features and data under the partner’s scope.
Cannot:
Manage users.
Manage roles or access rights.
Best for: Operational staff who need full access but don’t manage users.
Partner Simulation User
Can access and operate simulation-related features within the partner’s scope.
Cannot:
Create or manage customers.
Manage production EMS locations (unless also assigned another role).
Best for: Users working in test/simulation environments without touching customer configuration.
Partner Viewer
Read-only access to all customers and related data under the partner.
Cannot:
Change any configuration.
Operate EMS locations.
Best for: Management, auditors, or stakeholders who only need visibility.
Partner Finance
Access to financial and billing information for all customers under the partner.
Includes addresses, invoices, and payment details.
Cannot:
Modify operational settings.
Manage users, roles, or EMS operations.
Best for: Finance and billing teams at the partner organisation.
Customer-level roles
Customer-level roles apply to one specific customer and all its EMS locations.
Customer Admin
Full administrative rights for one customer.
Can:
Manage all EMS locations under that customer.
Add and remove users for that customer.
Assign and adjust roles within that customer scope.
Best for: Customer-side administrators responsible for their own organisation.
Customer User
Full functional access across all locations for a single customer.
Cannot:
Create, remove, or manage users.
Change role assignments.
Best for: Operational or technical staff working across all of a customer’s locations.
Customer EMS Viewer
Read-only access to all live EMS locations for one customer.
Can:
View live data and system status.
Cannot:
Operate or configure EMS locations.
Best for: Monitoring-only users at the customer (e.g. observers, management).
Customer EMS Operator
Operational access to all live EMS locations for one customer.
Can:
View live data and status.
Start, stop, and adjust operational parameters (where supported).
Cannot:
Manage users or roles.
Best for: Operators managing day-to-day EMS operation for a specific customer.
Environment (EMS location) level roles
Environment-level roles are restricted to a single EMS location.
Environment EMS Viewer
Access limited to one EMS location.
Can:
View live data, trends, and status for that location.
Cannot:
Control or adjust anything in that location.
Best for: Local stakeholders or users who only need visibility for one site.
Environment EMS Operator
Access limited to one EMS location.
Can:
View live data and status for that location.
Operate that EMS environment (start/stop/adjust operational parameters, where supported).
Cannot:
Manage users or roles.
Best for: On-site or local operators responsible for a specific location.
Cross-level access and multi-location assignments
Although roles are defined per tier, the RBAC model supports cross-level assignments where needed.
Examples:
A user can be assigned Environment EMS Viewer for multiple locations, even if those locations:
Belong to different customers, or
Sit under different partners (depending on your configuration).
A user might be:
Customer EMS Operator for one customer, and
Environment EMS Viewer for a specific location under another customer.
This flexibility allows:
Central teams to monitor or operate distributed EMS operations.
External stakeholders (e.g. service providers) to work across multiple customers or locations with controlled access.
