Skip to main content
Version: 2.1.0

Permissions

Role Based Permissions System

EAS uses a role based permission system. The system is made up of Permissions, Internal Roles, and External Roles. Internal Roles can be assigned a number of permissions to grant them the ability to perform actions against various resources. An External Role cannot be assigned permissions directly but can be assigned a number of Internal Roles which it will inherit permissions from. A request can provide a number of External Roles by name via its access token. A Request can only provide External Roles, it cannot provide Internal Roles or Permissions directly.

Default Roles

When the EAS database is initialised. The following Roles are created.

Default Internal Roles

Internal RolePermissions
MAP_VIEWER_INTERNALEWB:READ, OPPORTUNITIES:READ, LOCATION_SERVICE:READ
STUDIES_CREATOR_INTERNALSTUDIES:READ, STUDIES:CREATE, STUDIES:DELETE
RUN_HOSTING_CAPACITY_INTERNALHC_WORK_PACKAGE:READ, HC_WORK_PACKAGE:CREATE, HC_WORK_PACKAGE:CANCEL, HC_WORK_PACKAGE:DIFF
EWB_ADMIN_INTERNALEWB:SWITCH, EWB:LOCK, EWB:UNLOCK
MODEL_EXPORTER_INTERNALPOWER_FACTORY_MODEL_EXPORT:READ, POWER_FACTORY_MODEL_EXPORT:CREATE, POWER_FACTORY_MODEL_EXPORT:DELETE, POWER_FACTORY_MODEL_EXPORT:UPDATE, POWER_FACTORY_EXPORT_TEMPLATE:READ, POWER_FACTORY_EXPORT_TEMPLATE:CREATE, POWER_FACTORY_EXPORT_TEMPLATE:DELETE, POWER_FACTORY_EXPORT_TEMPLATE:UPDATE, SINCAL_MODEL_EXPORT:READ, SINCAL_MODEL_EXPORT:CREATE, SINCAL_MODEL_EXPORT:DELETE, SINCAL_MODEL_EXPORT:UPDATE, SINCAL_EXPORT_TEMPLATE:READ, SINCAL_EXPORT_TEMPLATE:CREATE, SINCAL_EXPORT_TEMPLATE:DELETE, SINCAL_EXPORT_TEMPLATE:UPDATE
METRICS_VIEWER_INTERNALMETRICS:READ
ALLOW_ALL_INTERNALPOWER_FACTORY_EXPORT_TEMPLATE:READ, POWER_FACTORY_EXPORT_TEMPLATE:CREATE, POWER_FACTORY_EXPORT_TEMPLATE:UPDATE, POWER_FACTORY_EXPORT_TEMPLATE:DELETE, POWER_FACTORY_MODEL_EXPORT:CREATE, POWER_FACTORY_MODEL_EXPORT:READ, POWER_FACTORY_MODEL_EXPORT:UPDATE, POWER_FACTORY_MODEL_EXPORT:DELETE, SINCAL_MODEL_EXPORT:READ, SINCAL_MODEL_EXPORT:CREATE, SINCAL_MODEL_EXPORT:DELETE, SINCAL_MODEL_EXPORT:UPDATE, SINCAL_EXPORT_TEMPLATE:READ, SINCAL_EXPORT_TEMPLATE:CREATE, SINCAL_EXPORT_TEMPLATE:DELETE, SINCAL_EXPORT_TEMPLATE:UPDATE, STUDIES:READ, STUDIES:DELETE, STUDIES:CREATE, EWB:SWITCH, EWB:LOCK, EWB:UNLOCK, HC_WORK_PACKAGE:CREATE, HC_WORK_PACKAGE:READ, HC_WORK_PACKAGE:CANCEL, EWB:READ, METRICS:READ, SINCAL_EXPORTER_LOGS:READ, OPPORTUNITIES:READ, LOCATION_SERVICE:READ, INGESTOR:RUN, MACHINE_TOKEN:CREATE, HC_WORK_PACKAGE:UPDATE
NETWORK_MODEL_EXECUTOR_INTERNALINGESTOR:RUN
MACHINE_TOKEN_CREATOR_INTERNALMACHINE_TOKEN:CREATE

Default External Roles

External RoleInternal RolesOverview
SUPER_ADMINALLOW_ALL_INTERNALProvides complete access to all EAS functionality.
EWB_ADMINEWB_ADMIN_INTERNALThe ability to change the network model currently loaded in EWB.
TIMESERIES_MODELLERRUN_HOSTING_CAPACITY_INTERNALThe ability to start and stop Hosting Capacity work packages.
MODELLERMODEL_EXPORTER_INTERNALThe ability to export Power Factory and Sincal models.
DEVELOPERSTUDIES_CREATOR_INTERNALThe ability to create studies.
MAP_VIEWERMAP_VIEWER_INTERNALThe ability to retrieve any map data from EWB. The ability to retrieve "opportunity" data
METRICS_VIEWERMETRICS_VIEWER_INTERNALThe ability to retrieve any information from the Metrics Database.
NETWORK_MODEL_EXECUTORNETWORK_MODEL_EXECUTOR_INTERNALThe ability to trigger ingestion of a new CIM network model into the Energy Workbench.
INTEGRATION_ADMINMACHINE_TOKEN_CREATOR_INTERNALThe ability to create machine-to-machine tokens.

Http REST Endpoints

PermissionRequired forProvided by default role
EWB:READapi/network/graphql, api/network/hierarchy, api/network/feeder-assets/{container}/{containerId}, api/network/assets/{assetId}, api/network/find/{search}, api/network/assets/by-location/{locationId}, api/network/trace/upstream/asset/{assetId}, api/network/assets/graphics/geo-json, api/energy/profiles/max-demand/{id}, api/energy/profiles/max-demand, api/energy/profiles/max-demand/combine , api/energy/profiles/min-demand/{id} , api/energy/profiles/profiles/range/{id}/from-date/{fromDate}/to-date/{toDate} , api/energy/profiles/weather/{id}/season/{season}/day/{day}/temperature/{temperature}/variance/{variance}, api/energy/analysis/summary, api/energy/analysis/ev/{chargingBlockKw}, api/map/tile/{z}/{x}/{y}SUPER_ADMIN, MAP_VIEWER
POWER_FACTORY_MODEL_EXPORT:READapi/power-factory-model/{id}SUPER_ADMIN, MODELLER
SINCAL_MODEL_EXPORT:READapi/sincal-model/{id}SUPER_ADMIN, MODELLER
SINCAL_EXPORTER_LOGS:READapi/sincal-model/{id}/logsSUPER_ADMIN

GraphQL Queries

The GraphQL API is served at /api/graphql. All GraphQL queries forwarded to the EWB server via api/network/graphql require EWB:READ permissions.

PermissionRequired forProvided by default role
EWB:READAll GraphQL queries forwarded to the EWB server via api/network/graphqlSUPER_ADMIN, MAP_VIEWER
EWB:LOCKlockNetworkModelDatabaseSUPER_ADMIN, EWB_ADMIN
EWB:SWITCHswitchNetworkModelDatabaseSUPER_ADMIN, EWB_ADMIN
EWB:UNLOCKunlockNetworkModelDatabaseSUPER_ADMIN, EWB_ADMIN
HC_WORK_PACKAGE:CANCELcancelWorkPackageSUPER_ADMIN, TIMESERIES_MODELLER
HC_WORK_PACKAGE:CREATErunWorkPackageSUPER_ADMIN, TIMESERIES_MODELLER
HC_WORK_PACKAGE:DIFFgenerateNetworkPerformanceDiff, generateEnhancedNetworkPerformanceDiffSUPER_ADMIN, TIMESERIES_MODELLER
HC_WORK_PACKAGE:READgetWorkPackageById, getWorkPackageProgress, getWorkPackages, getWorkPackageTreeSUPER_ADMIN, TIMESERIES_MODELLER
HC_WORK_PACKAGE:UPDATEeditWorkPackageSUPER_ADMIN
INGESTOR:RUNexecuteIngestorSUPER_ADMIN
LOCATION_SERVICE:READgetOpportunities(identifiedObject location information), getOpportunityLocations(identifiedObject location information), getOpportunitiesForEquipment(identifiedObject location information), getOpportunity(identifiedObject location information), getDurationCurves(identifiedObject location information)SUPER_ADMIN, MAP_VIEWER
MACHINE_TOKEN:CREATEcreateMachineApiKeySUPER_ADMIN, INTEGRATION_ADMIN
METRICS:READgetAllJobs, getNewestJob, getSources, getMetricsSUPER_ADMIN, METRICS_VIEWER
OPPORTUNITIES:READgetOpportunities, getOpportunityLocations, getOpportunitiesForEquipment, getOpportunity, getDurationCurvesSUPER_ADMIN, MAP_VIEWER
POWER_FACTORY_MODEL_EXPORT:CREATEcreatePowerFactoryModelSUPER_ADMIN, MODELLER
POWER_FACTORY_MODEL_EXPORT:DELETEdeletePowerFactoryModelSUPER_ADMIN, MODELLER
POWER_FACTORY_MODEL_EXPORT:READpowerFactoryModelById, powerFactoryModelsByIds, pagedPowerFactoryModelsSUPER_ADMIN, MODELLER
POWER_FACTORY_EXPORT_TEMPLATE:CREATEcreatePowerFactoryModelTemplateSUPER_ADMIN, MODELLER
POWER_FACTORY_EXPORT_TEMPLATE:DELETEdeletePowerFactoryModelTemplateSUPER_ADMIN, MODELLER
POWER_FACTORY_EXPORT_TEMPLATE:READpowerFactoryModelTemplateById, powerFactoryModelTemplatesByIds, pagedPowerFactoryModelTemplatesSUPER_ADMIN, MODELLER
POWER_FACTORY_EXPORT_TEMPLATE:UPDATEupdatePowerFactoryModelTemplateSUPER_ADMIN, MODELLER
SINCAL_MODEL_EXPORT:CREATEcreateSincalModelSUPER_ADMIN, MODELLER
SINCAL_MODEL_EXPORT:DELETEdeleteSincalModelSUPER_ADMIN, MODELLER
SINCAL_MODEL_EXPORT:READsincalModelById, sincalModelsByIds, pagedSincalModelsSUPER_ADMIN, MODELLER
SINCAL_EXPORT_PRESET:CREATEcreateSincalModelPresetSUPER_ADMIN, MODELLER
SINCAL_EXPORT_PRESET:DELETEdeleteSincalModelPresetSUPER_ADMIN, MODELLER
SINCAL_EXPORT_PRESET:READsincalModelPresetById, sincalModelPresetsByIds, pagedSincalModelPresetsSUPER_ADMIN, MODELLER
SINCAL_EXPORT_PRESET:UPDATEupdateSincalModelPresetSUPER_ADMIN, MODELLER
STUDIES:CREATEaddStudiesSUPER_ADMIN, DEVELOPER
STUDIES:DELETEdeleteStudiesSUPER_ADMIN, DEVELOPER
STUDIES:READstudiesById, studies, pagedStudies, resultsById, stylesByIdSUPER_ADMIN, DEVELOPER