ThingsBoard Professional Edition (PE) Role Feature ## Intro * The role feature is only in the ThingsBoard Professional Edition * A Role contains a list of Resources and a list of allowed Operations for each of those resources. There are two Role types: **Generic** and **Group** * The **Generic Role** consists of the set of permissions that are applied to all entities of the Tenant or Customer or Sub-customer recursively * The **Group Role** defines a set of permissions for a specific group of users in relation to a specific group of entities * Role Setting * After adding a role character, the role can be applied in the user group * Tenant setting `Users > Groups`  * Customer setting `Customers > All > Customer A: Users > Groups`    * Not only Customer, tenant can also be set up a specific authority * Except original tenant authority can't change, you can add a new tenant group with a new authority limit  <br/><br/> ## TB PE RBAC Structure :::info * Each Owner may have multiple Entity Groups, User Groups, and Customer Groups * Each Entity has only one owner. However, Entities can belong to multiple Entity Groups that belong to the same owner * Since Entity Group has only one Owner, you can assign Group Role to any User Group that belongs to the same Owner or any parents of the Owner :::     Generic Roles  ## Reference [Advanced Role-Based Access Control (RBAC)](https://thingsboard.io/docs/pe/user-guide/rbac/) <br/> TB CE RBAC Structure