Skip to content
Stand with Ukraine flag
Star
 
Pricing Try it now

Users

In ThingsBoard, a User is a principal entity with credentials to authenticate and access the platform. Users are governed by an access control model that defines what operations they can perform and which platform resources they may access.

User Management Concepts

Section titled “User Management Concepts”

Ownership

Section titled “Ownership”

Each user belongs to a specific Tenant or Customer and is assigned to one or more user groups that determine their permissions and roles.
Ownership determines the scope of data and resources available to the user.

Access Control Model

Section titled “Access Control Model”

ThingsBoard uses a Role-Based Access Control (RBAC) model:
  • Permissions specify actions (read, write, manage) that a user can execute on platform resources such as devices, assets, dashboards, etc.
  • Roles are sets of permissions.
  • Roles are assigned to user groups, not directly to individual users.

User groups aggregate users with similar access requirements and simplify bulk permission management. A user can belong to multiple groups simultaneously and inherits permissions from all assigned groups.

ThingsBoard provides built-in user groups and supports creation of custom groups:
  • Tenant-level groups: Tenant Administrators, Tenant Users
  • Customer-level groups: Customer Administrators, Customer Users
  • All group: A default group that all users belong to; it carries no permissions by default.

Create a New User

Section titled “Create a New User”

Only Tenant administrators and Customer administrators can create users.

  1. Navigate to Users from the left-hand menu.
  2. Click + Add user in the top right corner.
  3. Complete the user form:
    • Email — used as the login username.
    • First name, last name, phone (optional).
    • Language and unit system (optional).
  4. Select the activation method:
    • Display activation link – generates an activation link for manual sharing.
    • Send activation email – sends the activation link to the user automatically.
  5. Click Next: Owner and groups and configure access scope:
    • Assign the Owner (Tenant or Customer).
    • Add the user to one or more User groups to grant initial permissions.
  6. Click Add to create the user.

After creation, the user must activate the account using the provided link and set a password before logging in.

User Activation

Section titled “User Activation”

After receiving the activation link, the user sets a password to activate the account.

  1. Open the activation link.
  2. Enter and confirm a password.
  3. Click Create password.

Once the password is created, the user can log in and access resources according to their assigned permissions.

User Details

Section titled “User Details”

The User details panel displays and lets you edit all user account properties.

  1. Navigate to Users from the left-hand menu.
  2. Click the user in the list.

The panel contains the following fields:

  • Email (required): The user’s login credential and unique identifier on the platform.
  • First name: The user’s given name, shown in the UI and notifications.
  • Last name: The user’s family name, shown in the UI and notifications.
  • Phone: Contact number in E.164 format like +12015550123. Use the flag selector to set the country code prefix.
  • Language: The display language for this user’s UI session.
  • Unit system: The measurement unit system used in the UI for this user. Select Auto to inherit the tenant-level setting, Metric for SI units, Imperial for US customary units, or Hybrid to mix metric and imperial.
  • Description: Free-text field for notes about the user.
  • Default dashboard: The dashboard opened automatically after login. Enable Always fullscreen to open the dashboard in fullscreen mode and hide the toolbar.
  • Home dashboard: The dashboard opened when the user clicks Home in the navigation bar. Enable Hide home dashboard toolbar to hide the navigation toolbar when this dashboard is open.
  • Custom menu: Assigns a custom navigation menu to the user, replacing the default sidebar.

To save changes, click the checkmark icon at the top of the panel.

Managing Users

Section titled “Managing Users”

Log In as a User

Section titled “Log In as a User”

Administrators can log in as another user to verify access rights and troubleshoot permission issues.

  1. Open the Users page.
  2. In the users list, click the Login as … icon next to the required user (the available option depends on the user’s role).
  3. The session switches to the selected user’s access scope.

Change Owner and Groups

Section titled “Change Owner and Groups”

Changing the owner repositions the user in the multi-tenant hierarchy and updates their accessible resources accordingly.

  1. Open the Users page and select the required user.
  2. In the user details view, click Manage owner and groups.
  3. Update the Owner (Tenant or Customer) if necessary.
  4. Add or remove the user from the required User groups.
  5. Click Update to apply the changes.

Enable or Disable User Account

Section titled “Enable or Disable User Account”

Disabling a user account temporarily restricts access without deleting it. A disabled user cannot log in or access any tenant resources.

  1. Open the Users page and select the required user.
  2. In the user details view, click Enable/Disable User Account to toggle the account status.

Delete a User

Section titled “Delete a User”

Administrators with sufficient permissions can delete user accounts.

  1. Open the Users page.
  2. Click the Delete (trash bin) icon next to the user.
  3. Confirm the deletion.

Best Practices

Section titled “Best Practices”

Assign users only to groups with the minimum required roles.

Use distinct groups for different permission sets (e.g., read-only vs. manage).

Review group membership regularly to minimize unnecessary access.

Configure outgoing mail server settings to support automated activation workflows.

© 2026 The ThingsBoard Authors