User Permissions

The Hydrolix platform uses role-based access control (RBAC) for user permissions and management. Each user should be created within the Hydrolix platform either through the API or via the Portal.

Users & Tokens

  • Users are authenticated via an email address and password.
  • Tokens are authenticated via a (revocable) OAuth token ID.
  • In the future we will support MFA and SAML-based authentication as well.

Each user can have the following Roles applied.


Roles represent a set of permissions. For example:

  1. administrator - can access the config API and change any setting
  2. operator - can access the config API, but can only view current settings
  3. reader - can access the query API to query data

Initially we only support these three roles, but we plan to add support for custom roles in the future.


Permissions are granular privileges applied to an individual user or token, granting them the ability to take specific actions for a specific set of resources.


Scopes come in three flavors:

  1. All projects: .
  2. One specific project: {project}.*
  3. One specific table: {project}.{table}
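
The scope forms above can be evaluated as a deny-by-default match of a role and scope against a concrete project and table. The following Python example is added here and is not Hydrolix code: the action names, the role-to-action mapping (a literal reading of the three roles listed above) and the `*.*` spelling of the all-projects scope are assumptions.

```python
# Added illustration, not Hydrolix code. ROLE_ACTIONS is a literal reading of
# the three roles listed on this page; the action names are assumptions.
ROLE_ACTIONS = {
    "administrator": {"config:view", "config:change"},
    "operator": {"config:view"},
    "reader": {"query"},
}

def parse_scope(scope):
    """Split a scope into (project, table); '*' acts as a wildcard."""
    parts = scope.split(".")
    if len(parts) != 2 or not all(parts):
        raise ValueError(f"malformed scope: {scope!r}")
    project, table = parts
    if project == "*" and table != "*":
        # The page lists no '*.{table}' form, so reject it.
        raise ValueError(f"unsupported scope: {scope!r}")
    return project, table

def scope_covers(scope, project, table):
    """True if the scope includes the concrete project.table resource."""
    try:
        s_project, s_table = parse_scope(scope)
    except ValueError:
        return False  # fail closed on anything unparseable
    return s_project in ("*", project) and s_table in ("*", table)

def is_allowed(grants, action, project, table):
    """grants is a list of (role, scope) pairs; deny unless one matches."""
    return any(
        action in ROLE_ACTIONS.get(role, set())
        and scope_covers(scope, project, table)
        for role, scope in grants
    )

def wildcard_grants(grants):
    """Grants whose scope spans more than one table, for access review."""
    return [(r, s) for r, s in grants if s.endswith(".*")]

# Constructed sample grants for one token (assumed '*.*' = all projects).
SAMPLE = [("reader", "logs.requests"), ("operator", "logs.*")]

if __name__ == "__main__":
    print(is_allowed(SAMPLE, "query", "logs", "requests"))      # reader, table scope
    print(is_allowed(SAMPLE, "query", "logs", "errors"))        # no reader grant there
    print(is_allowed(SAMPLE, "config:view", "logs", "errors"))  # operator, project scope
    print(wildcard_grants(SAMPLE + [("administrator", "*.*")]))
```

Running `wildcard_grants` over an export of users and tokens gives a short list of project-wide and platform-wide grants to review first.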


Superset and Grafana

The above permissions are not applied to Grafana and Superset. Each of these systems needs to be independently configured for access and users. More information on these systems can be found here - Superset and here - Grafana.