Skip to main content

RBAC: Managing Users, Roles, and Access

Helvi
Updated

Eido uses Role Based Access Control (RBAC) to control what users can access within the platform.

Access is managed through a combination of:

  • Team members – the users who can sign in to Eido

  • Roles – the permissions assigned to those users

This allows administrators to control who can access Eido, what areas of the platform they can see, and which customer data they are allowed to work with.

Admin menu showing Team and Roles

 

Team Members

Users are managed from the Team page.

To view or manage users, navigate to:

Admin > Team

The Team page allows you to view users and organise them by:

  • All Users

  • Tenant Users

  • Customer Users

Team page with users and their access

Adding a User

To add a user, open the Team page and create a new user.

When creating a user, you will be asked to provide:

Name
The user’s display name.

Email
The email address the user will use to access Eido.

Customer
If you are using Eido in a multi-customer environment, you can assign the user to a specific customer. Selecting All Customers gives the user access to data across all customers.

Role
The role assigned to the user. The selected role determines what the user can access in Eido.

Create a user

 

Customer Access

Customer assignment controls which customer data a user can access.

This is particularly useful in MSP environments, where administrators may want to:

  • give end customers access only to their own environment

  • restrict support staff to specific customers

  • allow internal administrators to access all customers

If a user is assigned to All Customers, they can access data across all customer environments available to their role.

 

Roles

Roles control what a user is allowed to access in Eido.

To view or create roles, navigate to:

Admin > Roles

Eido includes built-in roles and also allows administrators to create custom roles.

 

Built-In Roles

Eido includes two built-in roles:

Admin
Users with the Admin role can access all areas of Eido, including the pages under the Admin section, and can make configuration changes.

Read All Devices
Users with this role can view the main areas of Eido, but cannot access the Admin pages.

These built-in roles are useful for common access patterns, but custom roles can be created for more specific requirements.

 

Creating a Custom Role

Custom roles allow you to define more granular access.

When creating a role, you can configure the following settings.

Role Name
A friendly name used to identify the role.

User Type
Choose whether the role is:

  • Admin

  • Standard

Admin roles can access all areas of Eido, including admin features.

Standard roles can access the main Eido product areas, but not the pages under the Admin section.

Device Permissions
Choose whether the role can access:

  • All Devices

  • Selected Devices

Customer Filters
If enabled, the role can be limited to specific customers.

This is useful if you want to create roles for customer-specific users or internal teams who should only see selected customer environments.

 

Assigning Roles to Users

Roles are assigned when creating or editing a user in the Team page.

To assign a role:

  1. Navigate to Admin > Team

  2. Create or edit the user

  3. Select the required role from the Role dropdown

  4. Save the user

This allows you to manage user access centrally while reusing the same role definitions across multiple users.

 

How RBAC Works in Practice

RBAC in Eido is designed to support both internal IT teams and MSP-style customer management.

For example, you might use RBAC to:

  • give internal administrators full access to all areas of Eido

  • give support engineers access only to device data

  • restrict customer users so they can only see their own customer environment

  • prevent non-admin users from accessing administrative settings

By combining roles with customer assignment, Eido allows access to be tailored to the responsibilities of each user.

 

Important Notes

RBAC controls access within Eido only.

It determines:

  • which pages a user can access

  • whether they can access admin functions

  • which customer data they can view

It does not change permissions within Microsoft Intune or Microsoft Entra ID.  

Related articles

Comments

0 comments

Article is closed for comments.