When it comes to accessing Asset and Event data stored in the platform it is extremely flexible thanks to the use of Attribute-Based Access Control in Access Policies and Bring-Your-Own-Identity login. Groups of users can be expressed in terms of any attribute your IDP is able to express, enabling a blend of traditional RBAC with highly innovative claims-based access control.
Permissions on Assets and their Events can be managed graphically in the UI under the Access Policies section, or programatically using the IAM Policies API. Please note that only tenant Root Users can modify Access Policies.
Read more about Asset access control in our concept docs here.