🔑 How to Whitelist and Assign Permissions

Looking for the end-to-end guide?

For a complete step-by-step walkthrough of adding a new user — from whitelisting to first login to permission assignment — see How to add a new user.

This guide explains the initial process for establishing user access and management within your namespace. To ensure proper control and security, your organization must designate internal administrators for two critical functions: User Whitelisting and Permission Assignment.

These roles can be assigned to the same person or two different people, but they must be clearly identified so our team can grant them the necessary base permissions.

The available permissions and the roles they cover, can be found in the last section of this page.

1. Initial Setup: Designating Your Administrators

Your first step is to internally decide and communicate to our team who will take on the following responsibilities:

A. Whitelisting Administrator (The Gatekeeper)

Role: Responsible for adding new users from your organization to the platform (i.e., "whitelisting" them).

B. Permission Administrator (The Regulator)

Role: Responsible for assigning specific platform permission groups to the users within your organization.

C. Master Administrator

Role: Exercises global oversight, including managing namespaces across all billing accounts, performing bulk whitelisting, and modifying namespace properties. This is an advanced feature, and should only be used by advanced users.

Once your organization identifies these user(s), please notify our team. We will then grant them the relevant group permissions necessary to perform these tasks autonomously.

2. Workflow: Requesting Access and Permissions

Once the user(s) for the above administrative roles have been defined, a new user seeking access must follow this two-step process:

2.1. Requesting Whitelisting (Platform Access)

To gain initial access to the platform:

The user should request the Whitelisting Administrator to authorize them on the corresponding namespace.

The Whitelisting Administrator can then whitelist the user by navigating to Identity Access Management → Whitelist → + Add, entering the user's email address and selecting the namespace(s) to grant access to.

Once whitelisted, the user can log in using their Google, Microsoft, or linked identity provider account. A user account is automatically created on first login.

2.2. Requesting Permission Assignment (User Roles)

To gain specific permissions (e.g., viewing datasources, getting timeseries):

The user should request the Permission Administrator to assign them the correct Platform Permission Groups.

The Permission Administrator can assign groups by navigating to Identity Access Management → Users, clicking Details on the user, then + Add Group and selecting the appropriate group from the dropdown.

note

The user must have logged in at least once before they appear in the Users list and can be assigned to permission groups.

3. Support and Troubleshooting

If the designated Administrator (either the Whitelisting or Permission Administrator) cannot complete the required action for the user, despite having all the needed permissions, they should contact IT Operations through our service desk portal for assistance.

Available Permissions

This is specific for the current version of the console and APIv1.5

Groups

Permissions are granted on a group basis to users. This allows you to seperate your users into groups based on their needs in the platform. For example your business users might only need viewing access on most resources like datasources. Where analists or developers need access to update configurations. The permissions are split into different categories, each of which can be granted Create, Read, Update and Delete permission.

Delete Permissions and Platform Design

Please note that the Create and Delete permissions are bound to each other - a user that can create objects is always able to delete them, unless the object does not support being deleted.

Datasources and Timeseries do not support deletion through the platform interface or API. The Energyworx platform is designed as an append-only system for auditing purposes, which means data persists to maintain complete audit trails and regulatory compliance.

The different categories permissions can be granted and more information on what they cover can be found in the Group Details page in the Energyworx Console. At the bottom of this page there is an overview of which functionality in the console makes use of which permissions. It can be used as a guide to which permissions to grant.

Fine grained permission control (Beta)

The sensitivity of data in the platform may require more fine grained control over which resources can be accessed by your users. Some resources support more fine grained access control for that reason. With Beta features enabled the Group details view will now show the option to add conditions to permissions. These conditions can exist either in the form of whitelists or blacklists. Whitelists explicitly granting access and blacklists explicitly barring access to a resource. For example you might want a specific group of datasources to not be accesible to a group through a specific property of a tag, this would mean you would set up a blacklist condition for reading datasources with that specific tag property.

Curious about implementing fine grained permission control? Please reach out to our support team for help setting this up or for specific requirements.

Functional permission requirements

Below is a list of the functional use cases of the platform and which permissions are required to perform those operations.

Search

See the navigation category: read permission on datasource resource

Search Datasources - /datasources
- See the navigation item: read permission on datasource resource
- Start flow on the selected items: create permission on run resource
  - Configure the flow to be started: update permission on runconfig resource
- Create view from the selected items: create permission on run resource
- Create virtual datasource: create permission on virtualdatasource resource
Datasource Collection - /datasources/view/collection
- Start flow on the selected items: create permission on run resource
  - Configure the flow to be started: update permission on runconfig resource
- Create view from the selected items: create permission on run resource
Tag Management - /datasources/tags/management
- Add/remove tags from the items: update permission on tag resource
Datasource (detail) - /datasources/view/builder
- See flows: read permission on run resource
- See audit events: read permission on run resource
- Start flow: create permission on run resource
  - Configure the flow to be started: update permission on runconfig resource
- Approve flow: update permission on run resource
- Edit timeseries: update permission on datapoint resource
- Trigger virtual datasource: create permission on virtualdatasource resource
- Add/remove tags from the item: update permission on tag resource

Advanced Search - /advanced-search
- See the navigation item: read permission on query resource
- Start flow on the selected items: create permission on run resource
  - Configure the flow to be started: update permission on runconfig resource
- Create view from the selected items: create permission on run resourceAccordion Body

Flow Management

See the navigation category: read permission on runconfig resource

Decision Trees - /decision-trees
- See the navigation item: read permission on decisiontree resource
- Add a new item: create permission on decisiontree resource
Decision Tree**(detail)** - /decision-trees/details
- Edit the details: update permission on decisiontree resource
- Remove the item: delete permission on decisiontree resource

Flow Designs - /flow-management/flow-designs
- See the navigation item: read permission on runconfig resource
- Add a new item: create permission on run resource
Flow Design (detail) - /flow-management/flow-designs/details
- Create a copy of the item: create permission on runconfig resource
- Configure a task for the item: update permission on runconfig resource
- Edit the details: update permission on runconfig resource
- Restore version: update permission on runconfig resource
- Remove the item: delete permission on runconfig resource
- See the list of rules to add to an item: read permission on rule resource
- Start flow: create permission on run resource
  - Start flow on the selected items: create permission on run resource
- Add/remove subjects from the item's task: update permission on taskmanagement resource
- Edit the item's task: update permission on taskmanagement resource

Rules and Algorithms - /rule-management/rules
- See the navigation item: read permission on rule resource
- See the list of items: read permission on rule resource
- Add a new item: create permission on rule resource
Rule (detail)
- Prototype: create permission on rule resource
- Edit the details: update permission on rule resource
- Restore version: update permission on rule resource

Search Flows - /search-flows
- See the navigation item: read permission on runconfig resource

Smart Integration

See the navigation category: read permission on integration resource

Channel Classifiers - /channel-classifiers
- See the navigation item: read permission on datasource resource
- Add a new item: create permission on datasource resource
Channel Classifier (detail)
- Edit the details: update permission on datasource resource

Datasource Classifiers - /datasource-classifiers
- See the navigation item: read permission on datasource resource
- Add a new item: create permission on datasource resource
Datasource Classifier (detail)
- Edit the details: update permission on datasource resource
- Remove the item: delete permission on datasource resource

Endpoints - /soap-endpoints
- See the navigation item: read permission on soap resource
Endpoint (detail) - /soap-endpoints/details
- Edit the details: update permission on soap resource
- Remove the item: delete permission on soap resource

File Management - /files
- See the navigation item: read permission on storage resource
- Upload items: create permission on storage resource
- Select/unselect all items: create permission on storage resource
- Ingest items: create permission on storage resource
- Assign market adapters to items: create permission on storage resource
- Add/remove tags from items: update permission on storage resource
- Select/unselect all items: update permission on storage resource
- Select/unselect all items: delete permission on storage resource
- Remove items: delete permission on storage resource
File (detail)
- Create a new transformation configuration based on the item: create permission on integration resource
- Create a new endpoint based on the item: create permission on soap resource
- Add tags to the item: update permission on storage resource

Market Adapters - /market-adapters
- See the navigation item: read permission on marketadapter resource
- Add a new item: create permission on marketadapter resource
Market Adapter (detail) - /market-adapters/details
- Create a copy of the item: create permission on marketadapter resource
- Edit the details: update permission on marketadapter resource
- Restore version: update permission on marketadapter resource
- Remove the item: delete permission on marketadapter resource

Timeslice Groups - /timeslice-groups
- See the navigation item: read permission on timeslice resource
- Add a new item: create permission on timeslice resource
Timeslice Group (detail) - /timeslice-groups/details
- Assign the item: create permission on timeslice resource
- Edit the details: update permission on timeslice resource
- Remove the item: delete permission on timeslice resource

Transformation Configuration (detail) - /tcm/configuration
- See the navigation item: read permission on integration resource
- Create a copy of the item: create permission on integration resource
- Add a new item: create permission on integration resource
- Edit the details: update permission on integration resource
- Choose a different item: update permission on integration resource
- Restore version: update permission on integration resource
- Remove the item: delete permission on integration resource
- See the list of rules to add to a property: read permission on rule resource

Trigger Schedules - /triggers
- See the navigation item: read permission on trigger resource
- Add a new item: create permission on trigger resource
Trigger Schedule (detail) - /triggers/details
- Create a copy of the item: create permission on trigger resource
- Edit the details: update permission on trigger resource
- Remove the item: delete permission on trigger resource

Task Management

See the navigation category: read permission on taskmanagement resource

Task Search - /tasks/search
- See the navigation item: read permission on taskmanagement resource
- Add a new item: create permission on taskmanagement resource
- Select/unselect all items: update permission on taskmanagement resource
- Manage the items: update permission on taskmanagement resource
- Assign to me the selected items: update permission on taskmanagement resource
- Select/unselect all items: delete permission on taskmanagement resource
- Remove items: delete permission on taskmanagement resource
Task (detail) - /tasks/search/details
- Add a new comment to the item: create permission on taskmanagement resource
- Link/unlink the item's flow: create permission on taskmanagement resource
- Edit the details: update permission on taskmanagement resource
- Remove the item's subjects: delete permission on taskmanagement resource
- Start the item's flow: create permission on run resource
  - Configure the flow to be started: update permission on runconfig resource

Task Boards - /tasks/flows
- See the navigation item: read permission on taskmanagement resource
- Add a new item: create permission on taskmanagement resource
Task Board (detail) - /tasks/flows/details
- Add a new task to the item: create permission on taskmanagement resource
- Edit the details: update permission on taskmanagement resource

Tasks Configuration - /tasks/settings
- See the navigation item: create permission on taskmanagement resource
- See the navigation item: update permission on taskmanagement resource
- Restore version: update permission on taskmanagement resource

Identity Access Management (IAM)

See the navigation category: read permission on iam resource

Groups & Permissions - /iam/groups
- See the navigation item: read permission on iam resource
- Add a new item: create permission on iam resource
Group (detail) - /iam/groups/details
- Edit the details: update permission on iam resource
- Delete the item: delete permission on iam resource

Users - /iam/users
- See the navigation item: read permission on iam resource

Whitelist - /iam/whitelist
- See the navigation item: read permission on billingaccount resource
- Add a new item: create permission on billingaccount resource
- See the details: update permission on billingaccount resource
- Edit the details: update permission on billingaccount resource

Administrator

See the navigation category: read permission on admin resource

Namespaces - /admin/namespaces
- See the navigation item: read permission on admin resource

Whitelist - /admin/whitelist
- See the navigation item: read permission on admin resource

Audit Events

See the navigation item: read permission on query resource

API Documentation

See the navigation item: read permission on integration resource

Namespace Properties - (/namespace/properties)

Edit the details: update permission on billingaccount resource

1. Initial Setup: Designating Your Administrators​

A. Whitelisting Administrator (The Gatekeeper)​

B. Permission Administrator (The Regulator)​

C. Master Administrator​

2. Workflow: Requesting Access and Permissions​

2.1. Requesting Whitelisting (Platform Access)​

2.2. Requesting Permission Assignment (User Roles)​

3. Support and Troubleshooting​

Available Permissions​

Groups​

Fine grained permission control (Beta)​

Functional permission requirements​

Search​

Flow Management​

Smart Integration​

Task Management​

Identity Access Management (IAM)​

Administrator​

Audit Events​

API Documentation​

Other pages that are not in the console navigation:​

Namespace Properties - (/namespace/properties)​