Roles & Groups


This chapter gives you an overview of the different roles and groups that the BlueRange server uses. There are two different roles for administration as our system supports multi-tenancy. There is the System Administrator and the Organization Administrator. A System Administrator can manage all users, groups and the different organizations, but is not able to perform any other actions. An Organization Administrator on the other hand can only see the user groups for their own organization.

System Groups


The System Administrator belongs to the system organization and is in the group ADMIN. He is able to access all organizations and user information and can change access rights for them. This group is only available for on-premise installations.

Organization Groups

Once an organization is created, the following groups are automatically generated.

Do not delete these preconfigured groups as they are essential for a correct access control model.

ORGANIZATION Administrator

An administrator manages everything for his organization including updates, users and device management features. This role allows the use and configuration of all features of BlueRange.

This is the superuser role and therefore provides access to all the functionality listed below.


A user manager can manage all users and groups of an organization with the permission to create, edit & delete users and groups.


An IOT manager is allowed to manage everything around devices and the structure around them. This role is a superset of the Device Manager with additional permissions to configure like networks or the building structure.


Being part of this group allows the user to manage all devices of the BlueRange installation with permission to enroll, delete and edit them. It also allows to create and apply configurations and notifications, as well as apply actions on devices.

Other Groups

There are a number of other groups that are less relevant, or are left overs from past use cases (like ORGANIZATION USER or ORGANIZATION Device User). These groups don’t have any predefined meaning anymore, but might be relevant as these may be linked in the users hierarchy.