Customer roles are mostly seprarated into three categories:
User roles are subject to inheritance (see last section).
These roles only allow one to read information from the backend. These users will be able to access most of the information but not to modify anything.
Examples of read-only roles: CUSTOMER[R], DEVICE MANAGER[R]
Read-only roles allow to:
Read a device information page, read device messages.
Write roles are to be considered as administrator roles. They will allow accessing and modifying of all information.
These are to be granted to trusted users, regarded as administrators in your group.
Examples of read & write roles: CUSTOMER[W], DEVICE MANAGER[W]
Write roles allow to:
Register or move devices, create and edit callbacks, access a device's PAC.
If a customer has been granted a role on a group, he will inherit the same role for each and any of its child groups. Distinct and parent groups are, of course, not subject to inheritance.
Let's take a concrete example:
Optional roles allow adding a specific capability to an existing account. These roles are identified with the "OPT_" prefix.
Please be advised that granting only an optional role to a user will create an account that the user will not be able to use to log in.
Same goes for API accesses: it will be created but will not be able to access any resource.