Roles & Groups


This chapter gives you an overview of the different roles and groups that the BlueRange server uses. There are two different roles for administration as our system supports multi-tenancy. There is the System Administrator and the Organization Administrator. A System Administrator can manage all users, groups and the different organizations, but is not able to perform any other actions. An Organization Administrator on the other hand can only see the user groups for their own organization.

System Groups


The System Administrator belongs to the system organization and is in the group ADMIN. He is able to access all organizations and user information and can change access rights for them. This group is only available for on-premise installations.

Organization Groups

Once an organization is created, the following groups are automatically generated.

Do not delete these preconfigured groups as they are essential for a correct access control model.

ORGANIZATION Administrator

An administrator manages everything for his organization including updates, users and device management features. This role allows the use and configuration of all features of BlueRange.

This is the superuser role and therefore provides access to all the functionality listed below.

ORGANIZATION Appstore Manager

An appstore manager is able to upload, edit and delete software and firmware updates for BlueRange devices. This role is not able to deploy any updates as this is only possible with the Device Manager group.


A user has no further rights than to login. Normally this role is not needed, because a user should be either a device user or an appstore user.


A user manager can manage all users and groups of an organization with the permission to create, edit & delete users and groups.


Being part of this group allows the user to manage all devices of the BlueRange installation with permission to enroll, delete and edit them. It also allows to create and apply configurations and notifications, as well as apply actions on devices.

Other Groups

There are a number of other groups that are less relevant, but must not delete these as they may be used in future versions of our platform.