Group Management

OSS devices are organized into Groups. All sharing, transfer, and permission management happens at the group level; devices automatically inherit whatever access a group grants. If you need to share a single device, place it in its own group and share that group.

Basic Rules & Definitions

Device Creation & ID

When a device is added in the app, you name it and it’s provisioned with a unique ID.

Mandatory Group Assignment

Every device must belong to exactly one group and cannot exist outside a group.

Moving Devices Between Groups

With sufficient permission, you can move a device to another group; it immediately inherits the new group’s access.

Isolating Access for a Single Device

Create a new group → move the device into it → configure that group’s access.

Group Lifecycle

Deletion Warning

Deleting a group permanently deletes all devices in it and severs their cloud connections.

Sharing Behavior

Sharing a group shows the entire group (and all its devices) in the recipient’s UI.

Ownership

Each group has one Owner.

A tip note icon.There is no device-level sharing.
To share a single device, place it in a dedicated group and share that group.


Access Levels

Seven access levels apply to groups:

Super-Admin

Consent-based support role with full control; can disable its own access after resolution.

A tip note icon.Super-Admin is reserved for Tibbo support staff and is disabled by default. It provides temporary, consent-based assistance above Owner level.

Owner

Full control, including billing/notifications, user/role management, transfer of ownership, bulk actions, and Super-Admin toggle.

Lessor

Downgraded Owner for subscription arrangements. Can assign/revoke Tenant and add devices; cannot delete group, change access, or run bulk actions.

Tenant

Operational lead for a leased group: rename devices, change settings, run bulk actions, manage users, and toggle Super-Admin. Cannot add devices, rename/delete/leave group, or transfer ownership.

Admin

Operational manager (no billing). Can run bulk actions, view access list, add/remove users and adjust roles (except Owner/Admin), and leave the group. Cannot rename/delete group, move devices between groups, or transfer ownership.

Editor

Can change device settings (per-device), perform normal operations, and leave the group; cannot run bulk actions or manage users/groups.

Viewer

Read-only monitoring of data and events; can leave the group.


Access Level Scenarios

Access levels exist to allow a wide variety of use cases. For example, a university has multiple buildings, each with sensors (temperature, CO2, humidity, etc.) managed via OSS. They want different people to have different access depending on responsibility. The below table gives an example of how different people who would use different roles.

Role

Who it maps to

What they need to do

Super-Admin

Tibbo support

Full access, diagnose issues, push firmware, see all devices, override settings if needed

Owner

University’s Facilities & Infrastructure Director

Billing, subscription, manage which buildings are connected, can transfer ownership, add device groups, invite users

Admin

Building Manager or Facility Engineer

Can manage daily operations: run bulk updates on sensor firmware, view who has access, add/remove users to the lab groups under their building, leave groups if moved

Editor

Technical staff or grad students

They need to tweak sensor settings, maybe calibrate certain sensors, change alerts, but don’t need user management or billing

Viewer

Department heads, environmental health & safety, auditors

Only need to see data, get alerts or reports, monitor what's happening; no changes


Permission Matrix

Action

Super-Admin

Owner

Lessor

Tenant

Admin

Editor

Viewer

Create a new device

Yes

Yes

Yes

No

No

No

No

Rename a device

Yes

Yes

No

Yes

Yes

No

No

Configure device (actually reconfigure)

Yes

Yes

Yes

No

No

No

No

Update firmware

Yes

Yes

No

Yes

Yes

No

No

Reset password

Yes

Yes

No

Yes

Yes

No

No

Migrate device

Yes

Yes

Yes

No

No

No

No

Assign new DPS

Yes

Yes

Yes

No

No

No

No

Delete a device

Yes

Yes

No

No

No

No

No

Change device settings

Yes

Yes

No

Yes

Yes

Yes

No

Perform bulk upgrade/settings (group)

Yes

Yes

No

Yes

Yes

No

No

Share group or manage user access

Yes

Yes

No

Yes

Partial

No

No

Transfer ownership

Yes

Yes

No

No

No

No

No

View user access list

Yes

Yes

Partial

Yes

Yes

No

No

Rename a group

Yes

Yes

No

No

No

No

No

Delete a group

Yes

Yes

No

No

No

No

No

Leave a group (self-remove)

N/A

No

No

No

Yes

Yes

Yes

Move a device between groups

No

Yes

No

No

No

No

No

View devices belonging to a group

Yes

Yes

Yes

Yes

Yes

Yes

Yes

View sensor data

Yes

Yes

No

Yes

Yes

Yes

Yes

View device events

Yes

Yes

No

Yes

Yes

Yes

Yes

Enable/disable Super-Admin access

Yes

Yes

No

Yes

Yes

No

No


Inviting Users to Groups

On the Devices page, click on one of your groups.

On the Group page, click on "Users".

On the Users page, click the plus icon.

Enter the new user's email address, select a role and click "Add".

The invited user will receive an email inviting them to the group.

The invited user will receive an invitation email. They must click the "Join" button in the email to be added to the group.


Changing Roles of Users

On the Users page, click the three dots next to a user's email address.

Click "Change Role..."

Select the chosen new role.

Click "Change" to confirm the new role.


Updating Firmware for all Devices in a Group

On the Devices page, click on one of your groups.

On the Group page, click on "Update Firmware".

Ensure the Link field is populated with an OSS FOTA link and press "Run".

Next Step

Group Management

Basic Rules & Definitions

Access Levels

Access Level Scenarios

Permission Matrix

Inviting Users to Groups

Changing Roles of Users

Updating Firmware for all Devices in a Group

Next Step