A user is a person with a Miru account who can (or was previously able to) log in to a workspace and access that workspace's resources. Users are identified by their email address and can only belong to one workspace. Thus, you cannot log in to multiple workspaces with the same email address.

Roles

Roles are the access levels of a user in a workspace. There are three roles:
  • owner - total access to the workspace; exactly one per workspace
  • admin - administrative and application access to the workspace; is subordinate to the owner
  • member - application access to the workspace but no administrative privileges

Admin permissions

Owners and admins hold administrative privileges while members do not. Such privileges grant them the following permissions:

Permission           Description
api_keys:create      Create a new API key
api_keys:update      Update an existing API key
api_keys:delete      Delete an existing API key
invites:create       Send an invite
invites:resend       Resend an invite
invites:revoke       Revoke an invite
users:suspend        Suspend a user
users:update         Update another user (their name)
users.role:update    Update another user's role
workspaces:update    Update the workspace

Of course, owners have some special immunity from the above permissions to prevent unwanted privilege escalation:
  • Owners cannot be suspended
  • Owners cannot have their role changed by another user

Owner permissions

As mentioned above, a workspace must have exactly one owner, so owners cannot leave their workspace (or be suspended). However, owners can transfer ownership to another member. In addition to the above admin permissions, owners therefore have a special permission for transferring workspace ownership:

Permission             Description
workspaces:transfer    Transfer workspace ownership to another member

Member permissions

Members hold application access to the workspace without administrative privileges. We won't detail every single permission here. Suffice it to say, members can perform any action that is not an administrative or owner-only action. This includes creating devices, deploying configurations, etc.

Statuses

To maintain an accurate audit trail of user activity, users cannot be deleted from a workspace. However, users can be suspended by an admin or leave the workspace themselves. As such, there are three possible statuses for a user:
  • active - the user can log in and access workspace resources
  • suspended - the user's access was revoked by an admin; the user cannot log in to the workspace or access any resources
  • left - the user has left the workspace; the user cannot log in to the workspace or access any resources
Users who have been suspended or left can be re-invited to the workspace by an admin at any time via an invite.
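
The role, owner-immunity and status rules above, combined into one authorization check. This is an added example, not Miru's code: `User`, `is_allowed` and the constant names are hypothetical, and denying a change to the owner's own role is an assumption the page does not state.

```python
from dataclasses import dataclass

# Permission strings copied from the tables on this page.
ADMIN_PERMISSIONS = frozenset({
    "api_keys:create", "api_keys:update", "api_keys:delete",
    "invites:create", "invites:resend", "invites:revoke", "users:suspend",
    "users:update", "users.role:update", "workspaces:update"})
OWNER_PERMISSIONS = frozenset({"workspaces:transfer"})
# Actions the owner is immune to.
OWNER_IMMUNE = frozenset({"users:suspend", "users.role:update"})
# Actions that affect a specific user, so the caller must name the target.
USER_TARGETED = OWNER_IMMUNE | {"users:update", "workspaces:transfer"}


@dataclass(frozen=True)
class User:  # hypothetical record; field names follow the page's properties
    email: str
    role: str    # owner | admin | member
    status: str  # active | suspended | left


def is_allowed(actor, permission, target=None):
    """Hypothetical check: may `actor` use `permission` (on `target`)?"""
    # Suspended users and users who left cannot access any resources.
    if actor.status != "active":
        return False
    if permission in OWNER_PERMISSIONS and actor.role != "owner":
        return False
    if permission in ADMIN_PERMISSIONS and actor.role not in ("owner", "admin"):
        return False
    if permission in USER_TARGETED:
        if target is None:  # fail closed when the affected user is unknown
            return False
        if permission == "workspaces:transfer" and target.email == actor.email:
            return False  # ownership moves to *another* user
        # Assumption: the owner's own role change is denied too; the page
        # only rules out changes by another user.
        if target.role == "owner" and permission in OWNER_IMMUNE:
            return False
    # Everything else is application access, open to every active user.
    return True


if __name__ == "__main__":
    # Constructed sample users, not real accounts.
    owner = User("owner@example.test", "owner", "active")
    admin = User("admin@example.test", "admin", "active")
    print(is_allowed(admin, "users:suspend", owner))        # owner immunity
    print(is_allowed(owner, "workspaces:transfer", admin))  # owner-only action
```

Checking the actor's status before the role means a suspended admin keeps the `admin` role on record for the audit trail but cannot exercise it.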

Properties

The following properties are used to identify and manage users.

first_name (mutable)
  The first name of the user. Must contain between 1 and 48 characters.
  Examples: John, Jane

last_name (mutable)
  The last name of the user. Must contain between 1 and 48 characters.
  Examples: Doe, Smith

email (immutable)
  The email address of the user.
  Examples: [email protected], [email protected]

role (mutable)
  The access role of the user in the workspace.
  Examples: member, admin, owner

status (mutable)
  The status of the user in the workspace.
  Examples: active, suspended, left