Managing Users & Permissions

User Roles Explained

Project Green uses a role-based access control model to ensure that users can access the features and data they need without exposing sensitive configuration to everyone. Understanding the available roles helps you assign the right level of access to each team member.

Common roles include Administrator, Operator, and Viewer. Administrators have full access to platform configuration, user management, and alert rules. Operators can view all monitoring data, acknowledge and resolve alerts, and manage rooms and devices. Viewers have read-only access to dashboards, room status, and alerts but cannot make changes.

Your organization may have additional custom roles configured to match your specific needs. When in doubt, follow the principle of least privilege: give each user the minimum level of access required for their job. You can always upgrade permissions later if someone needs additional capabilities.

Inviting New Users

When a new team member needs access to Project Green, the process typically involves creating an account and assigning them to the appropriate role. Administrators can usually do this from the user management section of the platform. Some organizations also support self-registration with administrator approval.

When inviting a new user, take a moment to assign the correct role from the start. It is easier to set permissions correctly during account creation than to remember to adjust them later. Also consider which building or namespace the user should have access to, especially in multi-tenant environments.

Send the new user a link to the Getting Started training materials along with their account credentials. A few minutes of orientation goes a long way toward helping new users become productive quickly and reduces the number of basic questions directed at your support team.

Permission Best Practices

Effective permission management balances security with usability. Overly restrictive permissions create friction and lead to workarounds, while overly permissive access creates risk. The goal is a clear, documented permission structure that everyone understands and follows.

Review your permission assignments regularly to ensure they still match each user's role. People change teams, take on new responsibilities, or leave the organization, and permissions should be updated accordingly. A quarterly review of user access is a good cadence for most organizations.

Avoid sharing accounts between multiple people. Shared accounts make it impossible to audit who did what and create accountability gaps. If multiple people need the same level of access, create individual accounts with the same role rather than sharing a single set of credentials.

Tenant and Namespace Scoping

In multi-tenant deployments of Project Green, tenant and namespace scoping controls which data each user can see. This is important for organizations that manage monitoring for multiple clients or business units on a single platform instance.

Each tenant or namespace acts as a boundary that isolates rooms, devices, alerts, and dashboards. Users assigned to a specific tenant can only see data within that tenant, even if the underlying platform hosts many tenants. This isolation ensures data privacy and prevents accidental cross-tenant changes.

When setting up new users, always verify that they are assigned to the correct tenant or namespace. A user assigned to the wrong scope will either see data they should not have access to or be unable to see the data they need. Getting this right at account creation time prevents confusion and potential security issues.

Audit and Access Review

Maintaining a record of who has access to your platform and what actions they take is important for security and compliance. Project Green may provide audit logs that record key activities such as login events, configuration changes, and alert acknowledgments.

Review audit logs periodically to verify that access patterns are consistent with expectations. Unusual activity, such as logins from unexpected locations or configuration changes by users who do not normally make them, may warrant further investigation.

Schedule a formal access review at least once per quarter. During this review, go through the list of active users and confirm that each person still needs access and has the correct role. Remove or disable accounts for users who have left the organization or no longer need access. This practice keeps your platform secure and your user list accurate.