Skip to main content
All CollectionsGetting Started with Celona 5G LAN
User Administration and Role-based Access Control (RBAC)
User Administration and Role-based Access Control (RBAC)

Create and update user profiles with specific roles and permissions in the Orchestrator

Team Celona avatar
Written by Team Celona
Updated over 8 months ago

As an admin of the Celona network, you can create/edit/delete user profiles, explicitly define their role, and manage access accordingly.

User Roles: Organizational Level

At an organizational level, Celona Orchestrator supports the following user roles -

Role

Customer Scope

Read-Permissions

Write-Permissions

Admin

customer organization

All

All

Observer

customer organization

All

N/A

Observer (Type-1)

customer organization

All (except events, alerts, support)

N/A

Restricted Observer

customer organization

Device events for specified device groups (via API only)

N/A

Installer

customer organization

Access Points (list, details)

CPI workflow

Device Manager

customer organization

All

Device Lifecycle Management

Device Manager (Type-1)

customer organization

All (except events, alerts, support)

Device Lifecycle Management

Admin

Complete read and write privileges for all monitoring and management workflows in the Orchestrator

Observer

Read-only access to the entire Orchestrator

Observer (Type-1)

Access is similar to the Observer role, excluding Monitoring (Events, Alerts, Device Event Timeline) and Support (Support Cases, Diagnostic tools)

Restricted Observer

Access is limited to device events for specified device groups. This role is available via API only

Installer

Role is intended for CPI (Certified Professional Installer) users, with the following Orchestrator access -

  • read access to AP Inventory

  • read access to AP Details

  • read and write access to their own user profile to set up CPI certificate credentials

  • read and write access to AP antenna parameters to set and attest the location (Latitude/Longitude) of the AP

Device Manager

  • read-only access to the Orchestrator, similar to the Observer role

  • read-only access to Device inventory and Device details page

  • QR code download for eSIMs

  • Device (SIM) lifecycle management, including activation, assignment, deactivation, and naming of the devices

Device Manager (Type-1)

Access is similar to the Device Manager Role, excluding Monitoring (Events, Alerts, Device Event Timeline) and Support (Support Cases, Diagnostic tools)

User Roles: MSP Level

At an MSP (Managed Service Provider) level, Celona Orchestrator supports the following user roles -

Role

Customer Scope

Read-Permissions

Write-Permissions

MSP Admin

All or a subset of the child organizations of the MSP

All

All

MSP Observer

All or a subset of the child organizations of the MSP

All

N/A

MSP Observer (Type-1)

All or a subset of the child organizations of the MSP

All (except events, alerts, support)

N/A

MSP Installer

All or a subset of the child organizations of the MSP

Access Points (list, details)

CPI workflow

MSP Device Manager

All or a subset of the child organizations of the MSP

All

Device Lifecycle Management

MSP Device Manager (Type-1)

All or a subset of the child organizations of the MSP

All (except events, alerts, support)

Device Lifecycle Management

Note: Please note that the customer scope for the above user roles may be all child organizations or a subset based on the scope defined for the MSP user.

Identity Management via SSO

Orchestrator supports User administration and Identity management via

Create a New User

Admin users of an Organization can create additional user profiles and assign them a role. To create a new user profile, go to Users under Admin Settings, click on ADD USER on the top right corner. Enter the following information -

  • First Name (Mandatory)

  • Last Name (Mandatory)

  • Email (Mandatory)

  • Mobile (Optional)

  • Access Control - Role

    • Admin, Observer, Installer, Device Manager, Device Manager (Type-1), Observer (Type-1)

Edit User

Admin users of an Organization can also edit or delete user profiles. To edit an existing user's profile, go to Users under Admin Settings, find the user in the table, and click the edit icon. You can now make any desired changes and click Update to save your modifications.

Did this answer your question?