Permission Reference
This page is the source of truth for what each built-in role can do, and the complete vocabulary of (action, subject) pairs used in the CDT permission system.
Default role permissions
Each cell shows whether the role grants the action on the subject. – means no permission.
Read access
| Subject | Viewer | User | Admin |
|---|---|---|---|
| Building | read | read | read |
| Site | read | read | read |
| Infrastructure | read | read | read |
| File | read | read | read |
| Sensor | read | read | read |
| SensorType | read | read | read |
| Comment | read | read | read |
| User | read | read | read |
| Role | read | read | read |
| Organization | read | read | read |
Create access
| Subject | Viewer | User | Admin |
|---|---|---|---|
| Building | – | create | create |
| Site | – | create | create |
| Infrastructure | – | create | create |
| File | – | create | create |
| Sensor | – | create | create |
| SensorType | – | create | create |
| Comment | – | create | create |
| User | – | – | create |
| Organization | – | create | create |
Update access
| Subject | Viewer | User | Admin |
|---|---|---|---|
| Building | – | update | update |
| Site | – | update | update |
| Infrastructure | – | update | update |
| File | – | update | update |
| Sensor | – | update | update |
| SensorType | – | update | update |
| Comment | – | update | update |
| User | – | update | update |
| Role | – | – | update |
| Organization | – | update | update |
Delete access
| Subject | Viewer | User | Admin |
|---|---|---|---|
| Building | – | delete | delete |
| Site | – | delete | delete |
| Infrastructure | – | delete | delete |
| File | – | delete | delete |
| Sensor | – | delete | delete |
| SensorType | – | delete | delete |
| Comment | – | delete | delete |
| User | – | – | delete |
| Organization | – | – | delete |
Action vocabulary
CDT uses a fixed set of action verbs:
| Action | Meaning |
|---|---|
| read | Retrieve a record or list records. |
| create | Create a new record. |
| update | Modify an existing record. |
| delete | Remove a record. |
| manage | All four of the above. Useful as a shorthand in custom roles. |
Subject vocabulary
Subjects map directly to Prisma models — see Architecture → Data Model for the full schema.
| Subject | Description |
|---|---|
| Building | A managed asset on the map. |
| Site | A geographic grouping of buildings. |
| Infrastructure | A non-building asset (utility line, road, etc.). |
| File | An uploaded binary plus metadata. |
| Sensor | A configured IoT sensor instance. |
| SensorType | A reusable sensor category (temperature, occupancy, etc.). |
| Comment | A threaded annotation on any other entity. |
| User | A member of the organization. |
| Role | A named set of (action, subject) permissions (Viewer, User, Admin, or a custom role) assigned to a user. |
| Organization | The tenant itself. |
Cross-resource dependencies
Some actions implicitly require permissions on a parent or related resource in addition to the action itself. The most common:
- Uploading a File requires `create: File` plus `read` on the parent Building or Site.
- Adding a Comment requires `create: Comment` plus `read` on the entity being commented on.
- Inviting a User requires `create: User` and at least `read: Role` to assign them a role.
If an admin reports unexpected 403 errors, these dependencies are the most likely cause: the caller holds the primary permission but lacks the implied one on the related resource, so check both pairs before assuming the role table is wrong.
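As an added, stand-alone example (not CDT's own code), the following TypeScript models the three default role tables, the `manage` shorthand from the action vocabulary, and the cross-resource dependencies above as a single checker. The rule set is transcribed from the tables on this page; the type and function names (`Role`, `Rule`, `AuthRequest`, `can`, `effective`, `authorize`, `hierarchyHolds`, and the request `kind` values) are this example's own assumptions, not CDT's API.

```typescript
// Added example, not CDT's own code: a stand-alone model of the default role
// tables and the cross-resource dependencies on this page. All identifiers
// below are this example's own; only the rule set is taken from the tables.

type Crud = "read" | "create" | "update" | "delete";
type Action = Crud | "manage"; // "manage" = all four Crud actions
type Subject =
  | "Building" | "Site" | "Infrastructure" | "File" | "Sensor"
  | "SensorType" | "Comment" | "User" | "Role" | "Organization";
type Role = "Viewer" | "User" | "Admin";
interface Rule { action: Action; subject: Subject }

const CRUD: Crud[] = ["read", "create", "update", "delete"];
const ALL_SUBJECTS: Subject[] = [
  "Building", "Site", "Infrastructure", "File", "Sensor",
  "SensorType", "Comment", "User", "Role", "Organization",
];
// Subjects the User role may create, update and delete freely (per the tables).
const ASSETS: Subject[] = [
  "Building", "Site", "Infrastructure", "File", "Sensor", "SensorType", "Comment",
];

const rules = (action: Action, subjects: Subject[]): Rule[] =>
  subjects.map((subject) => ({ action, subject }));

// Transcribed from the Read/Create/Update/Delete tables; a "–" cell is simply absent.
const ROLE_RULES: Record<Role, Rule[]> = {
  Viewer: rules("read", ALL_SUBJECTS),
  User: [
    ...rules("read", ALL_SUBJECTS),
    ...rules("create", [...ASSETS, "Organization"]),
    ...rules("update", [...ASSETS, "User", "Organization"]),
    ...rules("delete", ASSETS),
  ],
  // Admin holds all four Crud actions on every subject except Role, so
  // "manage" is the natural shorthand; Role stays read + update only.
  Admin: [
    ...rules("manage", [...ASSETS, "User", "Organization"]),
    ...rules("read", ["Role"]),
    ...rules("update", ["Role"]),
  ],
};

// Does `role` grant `action` on `subject`? A "manage" rule satisfies any Crud action.
function can(role: Role, action: Crud, subject: Subject): boolean {
  return ROLE_RULES[role].some(
    (r) => r.subject === subject && (r.action === action || r.action === "manage"),
  );
}

// The Crud actions `role` effectively has on `subject`, with "manage" expanded.
function effective(role: Role, subject: Subject): Crud[] {
  return CRUD.filter((a) => can(role, a, subject));
}

// Operations whose authorization spans more than one (action, subject) pair,
// per "Cross-resource dependencies" above. The `kind` values are this example's own.
type AuthRequest =
  | { kind: "uploadFile"; parent: "Building" | "Site" }
  | { kind: "addComment"; target: Subject }
  | { kind: "inviteUser" }
  | { kind: "crud"; action: Crud; subject: Subject };

function requiredRules(req: AuthRequest): { action: Crud; subject: Subject }[] {
  switch (req.kind) {
    case "uploadFile":
      return [{ action: "create", subject: "File" }, { action: "read", subject: req.parent }];
    case "addComment":
      return [{ action: "create", subject: "Comment" }, { action: "read", subject: req.target }];
    case "inviteUser":
      return [{ action: "create", subject: "User" }, { action: "read", subject: "Role" }];
    case "crud":
      return [{ action: req.action, subject: req.subject }];
  }
}

// Every required pair must be granted. `missing` lists the pairs that were not,
// which is what to log next to a 403 so the unmet dependency is visible.
function authorize(role: Role, req: AuthRequest): { allowed: boolean; missing: string[] } {
  const missing = requiredRules(req)
    .filter((r) => !can(role, r.action, r.subject))
    .map((r) => `${r.action}: ${r.subject}`);
  return { allowed: missing.length === 0, missing };
}

// Regression check on the tables: Viewer ⊆ User ⊆ Admin for every subject,
// so a higher role never loses a permission a lower role has.
function hierarchyHolds(): boolean {
  const order: Role[] = ["Viewer", "User", "Admin"];
  return ALL_SUBJECTS.every((s) =>
    order.slice(1).every((higher, i) =>
      effective(order[i], s).every((a) => can(higher, a, s)),
    ),
  );
}
```

`authorize` returns the unmet pairs rather than a bare boolean so that a 403 can be logged with its cause (for example a User invited with `create: User` missing, or a Viewer upload missing `create: File`). `hierarchyHolds` is the kind of test to keep next to the tables: if a future edit grants User something Admin lacks, it fails immediately.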