## Role Feature * The role feature is only in the **ThingsBoard Professional Edition (TB PE)** * A Role contains a list of Resources and a list of allowed Operations for each of those resources. There are two Role types: **Generic** and **Group** <br/> ### Generic Role * Setup how many menu items for the role can use * Selection * Resource: menu items * Operation: change owner, CRUD, rpc call, assign to tenant, claim devices <br/> ### Group Role * Decide how much authority can be used when sharing group * Selection examples: * share group * rpc call * create * delete * read attribute/telemetry/credentials * write attribute/telemetry/credentials * all <br/> ## Owner * ==Each entitie has only one owner== * Each Owner may have multiple Entity Groups, User Groups, and Customer Groups * Only device owner has the right to assign/share the devices * ==Since Entity Group has only one Owner, you can assign Group Role to any User Group that belongs to the same Owner or any parents of the Owner== <br/> ## TB PE RBAC Structure ![role7](https://hackmd.io/_uploads/SJdrxfjha.png) ![role9](https://hackmd.io/_uploads/HyzPezina.png) <br/> Compared to ThingsBoard PE, the RBAC structure in ThingsBoard Community Edition is simpler. However, this also means it offers less flexibility in setting up authority hierarchy. ![role12](https://hackmd.io/_uploads/Sklqgfina.png) <br/> ## Reference [Advanced Role-Based Access Control (RBAC)](https://thingsboard.io/docs/pe/user-guide/rbac/)