RBAC Permission Tree

Visual representation of role-based access control permissions

Text Version
Role Hierarchy

Admin

All 22 Permissions

Complete system control

Operator
16 Permissions

Can broadcast & control

Viewer
10 Permissions

Read-only monitoring

Demo
4 Permissions

Limited demo access

Admin
✓ All Alerts
✓ All EAS
✓ All System
✓ All Logs
✓ All Receivers
✓ All GPIO
✓ All API
Operator
✓ View/Create Alerts
✓ Broadcast EAS
✓ View Config
✓ View/Export Logs
✓ View Receivers
✓ Control GPIO
✗ Modify System
Viewer
✓ View Alerts
✓ View EAS
✓ View Config
✓ View/Export Logs
✓ View Receivers
✗ No Broadcast
✗ No Control
Demo
✓ View Alerts
✓ View EAS
✓ View Receivers
✓ View GPIO
✗ No Config
✗ No Logs
✗ No Export
Detailed Permission Matrix
Category Permission Admin Operator Viewer Demo
Alerts View alerts, history, map
Create manual alerts
Delete alerts
Export alert data
EAS Broadcast View EAS workflow
Initiate broadcasts 🔴
Manual EAS activation 🔴
Cancel broadcasts
System Modify configuration
View configuration
Manage users/roles
View users
Logs View system/audit logs
Export logs
Delete logs
Receivers View receivers/status
Configure receivers
Delete receivers
GPIO View GPIO status
Control GPIO/relays 🔴
API Read data (GET)
Modify data (POST/PUT/DELETE)
Legend: = Permitted | = Denied | 🔴 = Critical permission
Best Practices
  • Admin: Use only for system administration tasks
  • Operator: Daily operations and broadcast control
  • Viewer: Monitoring, reporting, and auditing
  • Demo: Public demonstrations and training
Security Notes
  • Demo role prevents accidental broadcasts during demos
  • Viewer role is ideal for compliance officers
  • Only Admins can modify system configuration
  • All roles require authentication
Related Documentation
RBAC Management Detailed Text Version Security Analysis