Appearance
User Management — Roles
The Roles section (/role) manages reusable permission bundles. A role describes which devices and services may be touched; assigning a role to a user gives them everything in that bundle. Roles live inside groups, which scope what's available to assign.
Contents
- The access model in one minute
- Page layout
- Role table
- Detail tabs
- Creating, editing, deleting roles
- Deep links
- Persistence — what is remembered
1. The access model in one minute
A user belongs to a group and holds one or more roles. The role grants access to a set of devices and services, scoped by the group.
Roles are the most common lever for adjusting access. Instead of granting devices to each user one by one, you typically:
- Define a role like "Plant A operator".
- Add the relevant devices and services to the role.
- Assign the role to whichever users need that access.
When the device list changes (say a new pump is installed), you update the role once and every user who has it inherits the change.
2. Page layout
| Area | What lives there |
|---|---|
| Role table | All roles you have access to. |
| Detail panel | Opens when you click a row, with tabs for the role's relationships. |
| Toolbar | Add Role, column editor, CSV export. |
Selecting a row updates the URL to include the role's identifier, so reloading or sharing reopens the same role.
3. Role table
Default columns:
| Column | Meaning |
|---|---|
| Name | The role name. |
| Group | The group this role is scoped to. |
| Users | Count of users currently holding this role. |
| Devices | Count of devices accessible through this role. |
| Services | Count of services accessible through this role. |
The same column management as everywhere else in Coldwave: drag to reorder, drag the edge to resize, click the header to sort, use Edit Columns to add or remove columns. Layout is remembered per user. CSV export dumps the currently visible rows.
4. Detail tabs
| Tab | What you can do |
|---|---|
| Devices | Pick devices any user with this role can access. |
| Services | Pick which services on those devices the role grants access to. |
| Users | Show the users that currently hold this role. Click a user to jump to their detail page. |
| Access | Edit lower-level access rules (read / write / manage) for this role. |
5. Creating, editing, deleting roles
Creating
Click Add Role in the toolbar. The modal asks for:
- Name — the role name.
- Group — the group this role belongs to.
The new role appears in the table immediately; open it to assign devices, services and access rules.
Editing
Open the detail panel and edit inline within the tabs — device and service assignments are toggle lists, access rules are switches. There is no separate "edit mode".
Deleting
The detail panel has a Delete button. Deleting a role removes it from every user who currently holds it, which may revoke access immediately. Coldwave asks for confirmation before deleting.
6. Deep links
Heads-up. These URL patterns are reliable when produced by Coldwave itself. Hand-constructed URLs from another user may not land where you expect — see URLs and tabs.
| URL | Effect |
|---|---|
/role | Open the role list with no role selected. |
/role/<roleId>/devices | Open a specific role on the Devices tab. |
/role/<roleId>/services | Open the Services tab. |
/role/<roleId>/users | Open the Users tab. |
/role/<roleId>/access | Open the Access tab. |
7. Persistence — what is remembered
Per-user, persisted between sessions:
- Column layout — visibility, order, width, sort.
- Selected role and tab — driven by the URL.
Always fresh from the backend:
- Counts in the table (users, devices, services).
- Tick state in the assignment tabs.