Roles
This tab shows a list of all roles defined in the platform. Each role displays its name, associated permissions, and who created it. The Created By column helps you distinguish between roles created manually in vuSmartMaps and roles imported from an LDAP/AD directory. Roles from LDAP/AD show 'system' in this column. From the Roles tab you can create new roles, assign permissions, manage object-level permissions, configure data access policies, and delete roles.
Step-by-Step Instructions
Creating a New Role


- Navigate to Account Management › User & Roles and click the Roles tab.
- Click the + (plus) button.
- Enter a name for the role in the Role Name field.
- Optionally, add users to this role immediately by selecting them in the user list.
- Optionally, set a default homepage for all users in this role under Select HomePage. You can choose separate dashboards for the web and mobile apps.
- Optionally, configure a Data Access Policy to control which types of observability data users in this role can see.
- Click Save.
If your organisation uses LDAP or Active Directory, create roles with the 'Vunet-' prefix (for example, 'Vunet-NOC' or 'Vunet-PaymentOps'). This ensures that only roles intended for vuSmartMaps are pulled during LDAP synchronisation, minimising unnecessary role imports.

Updating a Role's Default Homepage and Users

You can update a role's default homepage or change which users belong to it at any time after the role has been created.
- In the Roles tab, locate the role you want to update.
- Click the Edit button next to that role.
- A pop-up will open showing the role's current settings.
- To change the default landing page, update the Select HomePage fields for the web app and the mobile app as needed.
- To add or remove users from this role, update the user list in the same pop-up.
- Click Save. The changes apply immediately to all users in that role.
Setting a default homepage at the role level means all users in the role will land on the same dashboard when they log in. To give a specific individual a different homepage, edit that user's profile directly from the Users tab instead.
Deleting a Role
- In the Roles tab, locate the role or roles you wish to delete and select the checkbox next to their names.
- Click the Delete Roles icon.
- A confirmation pop-up will appear. Type Yes in the text box to confirm.
- Click Delete Roles. The selected roles are removed from the platform.
- To delete a single role quickly, you can also click the Delete Role icon directly on that role's row without using the checkbox.
Any user with write permission to the User & Roles module can delete any role. Deleting a role removes it from all users who were assigned to it. Those users will retain access only through any other roles they are still a member of.
Assigning Permissions to a Role

Permissions control which modules a role can access and whether that access is read-only or full read-write.
- In the Roles tab, find the role you want to update.
- Click the Edit Role Permissions icon for that role.
- A pop-up appears showing every module in the platform with checkboxes for read and write permissions.
- Select the appropriate permissions for each module.
- Click Save.
Granting write permission to a module automatically grants read permission for that same module. Some modules also carry implicit dependencies — for example, granting write permission to Alert Rules automatically grants read permission to Data Models, because alert rules rely on data models to function.
Managing Password Change Permissions

By default, users can change their own password from their profile. Administrators can disable this ability for specific roles — useful for service accounts or shared accounts where password changes should be controlled centrally.
- In the Roles tab, click the Edit Role Permissions icon for the relevant role.
- Locate the Miscellaneous permissions section.
- To allow password changes: ensure the changePassword option is enabled (selected).
- To prevent password changes: deselect the changePassword option.
- Click Save.


Users whose role has password changes disabled will see the Change Password field greyed out when they log in. Hovering over the field displays a message confirming they do not have permission to make this change.
Object-Level Permissions
Object-Level Permissions allow administrators to control access to specific objects within supported modules rather than granting permissions at the entire module level. This enables more granular access control, ensuring that users can only view or modify the objects relevant to their role. Administrators can configure object-level permissions for modules such as:
- Alerts
- Dashboards
- Data Models
- Insights
- Log Analytics
- Reports
- UTM
For each object, permissions can be assigned to roles with the following access levels:
- View – Allows users to view the object.
- Modify – Allows users to edit or update the object.
- None – Restricts access to the object.
This helps ensure that users only have access to the specific resources required for their responsibilities.
Object-Level Permissions and Bulk Permission Management
Bulk Permission Management allows administrators to manage permissions for multiple objects across supported modules from a centralized interface. Instead of configuring permissions for each object individually, administrators can update permissions for multiple objects simultaneously. This capability simplifies permission management, particularly in environments with a large number of dashboards, alerts, reports, or other objects. Only users with the required permissions can access and modify bulk object permissions. If the required permission is not granted, the Edit Object Permissions option will remain disabled.
Benefits of Bulk Permission Management
Bulk Permission Management provides several advantages when managing access across multiple objects and modules.
- Centralized Permission Management
Administrators can view and manage permissions for multiple objects from a single interface, improving visibility and simplifying access control. - Operational Efficiency
Allows administrators to assign permissions to multiple objects at once, significantly reducing the time and effort involved in managing permissions for a large set of objects. - Seamless Access Control: Ensures consistent permissions across multiple objects and modules, while simplifying the process of managing complex permissions structures.
Managing Object-Level Permissions


Object-level permissions can be managed from the Roles tab using the Edit Object Permissions option. This allows administrators to view and manage permissions for multiple objects across supported modules from a centralized interface.
Opening the Object Permissions Interface
- Navigate to Account Management → User & Roles.
- Open the Roles tab.
- Locate the role for which you want to manage object permissions.
- Click the Edit Object Permissions button under the Actions column.
The Bulk Object Permissions interface will open.
Viewing All Objects

All objects across supported modules such as Alerts, Dashboards, Data Models, Insights, Log Analytics, Reports, and UTM are displayed in a centralized list.
- Review the list of objects displayed on the screen.
- Objects are categorized based on their respective modules for easier identification.
- Each object displays key details such as:
- Object Name
- Object Type
- Current Permission Level
This view helps administrators quickly understand the existing access configuration.
Searching and Filtering Objects

The interface provides search and filtering options to help administrators quickly locate specific objects.
-
Use the search bar to search for objects by:
- Object name
- Object type
- Created by
-
Apply filters to narrow down the list of objects based on criteria such as:
- Module type
- Permission level
- Created by
-
Use the pagination controls to navigate through the list if a large number of objects are available.
These options help administrators efficiently locate the objects they want to manage.
Selecting Multiple Objects

Administrators can select multiple objects to update permissions simultaneously.
- Locate the objects for which you want to update permissions.
- Select the checkbox next to each object.
- Repeat the process for all required objects.
Assigning Permissions in Bulk
Permissions can be applied to all selected objects simultaneously.
- After selecting the required objects, choose the appropriate permission level.
- The available permission types include:
- View
- Modify
- None
- Apply the selected permission to all the selected objects.
This feature helps administrators manage permissions efficiently without updating each object individually.
Implicit Object Permissions
Certain modules support implicit object permissions. When permissions are applied to specific objects, related objects may automatically receive read access to ensure proper functionality.
Examples include:
- When permissions are applied to Alerts, UTM, or Insights, the associated Data Models automatically receive read access.
- When permissions are applied to Reports, the associated Data Models and Dashboards automatically receive read access.
- When permissions are applied to Dashboards, the associated UTM, Insights, and their Data Models automatically receive read access.
This ensures that dependent objects remain accessible when required.
Bypassing RBAC Restrictions
Administrators with the manageBulkObjects permission can bypass standard RBAC restrictions when managing object permissions.
- Administrators with this permission can view and list all objects available for permission assignment.
- However, objects associated with the administrator’s own modules will only be visible or manageable if the administrator has been explicitly granted access to those objects.
This capability allows administrators to manage permissions at scale while maintaining proper access control.
Saving and Reviewing Permissions
After assigning permissions, administrators can review and confirm the changes.
- Review the confirmation summary displayed by the system.
- Verify the permissions assigned to each object and role.
- Click Save to apply the changes.
- If required, permissions can be modified or removed later through the Bulk Object Permissions interface.
