Permissions and Roles

Connect and API v2 rely on a robust permissions-based access control system. Operators gain access to platform features based on explicitly assigned permissions. The UI follows the principle of "if you can't see it, you can't do it", meaning unavailable permissions result in hidden UI elements.

Permission Types

1. Admin-Level Permissions

These permissions override individual site or feature-level settings and grant broad access.

Permission	Access to All Features	Access to All Sites	Uses Site Access
Global admin	✅	✅	❌
Site admin	✅	❌	✅

Global Admin: Full access across all sites and features; ignores any site-level restrictions.
Site Admin: Full feature access, but limited to specific sites granted via Site Access. Operators can only manage operators or drivers within their site scope.

ℹ️ Only operators with admin-level permissions can manage (add/edit/delete) other operators or roles.

2. Regular Permissions

Used to grant specific access to features without full admin rights. Each permission can be assigned as either:

View: Read-only access to data
Edit: Ability to create, update, or delete related data

Examples:

View tariffs – See tariff details.
Edit chargers – Modify charger configurations.
View charging sessions – Access session logs.

Regular permissions follow the principle of least privilege.

Roles: Grouping Permissions

What are Roles?

Roles are a bundle of regular permissions that can be assigned to multiple operators to streamline access management.

Benefits:

Easier permission management at scale
Consistent access across teams
Updates to a role automatically apply to all operators assigned to it

Example Role – “Customer Service”

Permissions: View chargers, Operate chargers, View sites

Limitations:

Roles cannot include Global admin or Site admin permissions
Only operators with admin-level access can create, edit, or delete roles

Roles are managed under:

More → Settings → Roles

Permission	Explanation
View tariffs	Can view tariff related information
Edit tariffs	Can edit and delete tariff related information
View chargers	Can view charger related information
Edit chargers	Can edit and delete charger related information
View sites	Can view site related information
Edit sites	Can edit and delete site related information
Operate chargers	Can perform charger actions such as reboots or remote starts/stops
Update charger firmware	Can update charger firmware
View drivers	Can view driver related information
Edit drivers	Can edit driver related information
View RFIDs	Can view RFID related information
Edit RFIDs	Can edit RFID related information
View integrations	Can view integrations
Edit integrations	Can edit integrations
View invoicing	Can access invoicing portal and view related information
View DLM settings	Can view DLM-related information and settings
Edit DLM settings	Can edit DLM related information and settings
View real time power data	Can view realtime power data
View Express settings	Can view Express related settings
Edit Express settings	Can edit Express related settings
View automations	Can view automations
Edit automations	Can edit and create automations

Site Access

Site Access defines which sites and subsites an operator can interact with.

Operators only see and manage entities (chargers, drivers, etc.) tied to their accessible sites
Global admins bypass these restrictions and see everything

Best Practice:

Use a parent site structure:

CODE

All Sites
├── Operational Sites
├── Test Sites

Then grant access to the relevant parent, e.g., "Operational Sites", for simplified and scalable access control.

Home Site

The Home site determines who can see an operator or driver, not what they can access.

Use Case	Determines
Home site	Who can see the operator
Site access	What the operator can see

Example: If an operator’s home site is Finland, only other operators with site access to Finland can view them. This is especially useful for regional management separation (e.g., Finland vs. Sweden).