Group Management
OSS devices are organized into Groups. All sharing, transfer, and permission management happens at the group level; devices automatically inherit whatever access a group grants. If you need to share a single device, place it in its own group and share that group.
Basic Rules & Definitions
Device Creation & ID
When a device is added in the app, you name it and it’s provisioned with a unique ID.
Mandatory Group Assignment
Every device must belong to exactly one group and cannot exist outside a group.
Moving Devices Between Groups
With sufficient permission, you can move a device to another group; it immediately inherits the new group’s access.
Isolating Access for a Single Device
Create a new group → move the device into it → configure that group’s access.
Group Lifecycle
- Create groups from the mobile app or any supported UI.
- Each account starts with a Default group.
- Groups are flat (no nesting) and contain devices only.
- Only the Owner can rename or delete a group.
Deletion Warning
Deleting a group permanently deletes all devices in it and severs their cloud connections.
Sharing Behavior
Sharing a group shows the entire group (and all its devices) in the recipient’s UI.
Ownership
Each group has one Owner.
There is no device-level sharing.
To share a single device, place it in a dedicated group and share that group.
Access Levels
Seven access levels apply to groups:
Super-Admin
Consent-based support role with full control; can disable its own access after resolution.
Super-Admin is reserved for Tibbo support staff and is disabled by default. It provides temporary, consent-based assistance above Owner level.
Owner
Full control, including billing/notifications, user/role management, transfer of ownership, bulk actions, and Super-Admin toggle.
Lessor
Downgraded Owner for subscription arrangements. Can assign/revoke Tenant and add devices; cannot delete group, change access, or run bulk actions.
Tenant
Operational lead for a leased group: rename devices, change settings, run bulk actions, manage users, and toggle Super-Admin. Cannot add devices, rename/delete/leave group, or transfer ownership.
Admin
Operational manager (no billing). Can run bulk actions, view access list, add/remove users and adjust roles (except Owner/Admin), and leave the group. Cannot rename/delete group, move devices between groups, or transfer ownership.
Editor
Can change device settings (per-device), perform normal operations, and leave the group; cannot run bulk actions or manage users/groups.
Viewer
Read-only monitoring of data and events; can leave the group.
Access Level Scenarios
Access levels exist to allow a wide variety of use cases. For example, a university has multiple buildings, each with sensors (temperature, CO2, humidity, etc.) managed via OSS. They want different people to have different access depending on responsibility. The below table gives an example of how different people who would use different roles.
Role |
Who it maps to |
What they need to do |
Super-Admin |
Tibbo support |
Full access, diagnose issues, push firmware, see all devices, override settings if needed |
Owner |
University’s Facilities & Infrastructure Director |
Billing, subscription, manage which buildings are connected, can transfer ownership, add device groups, invite users |
Admin |
Building Manager or Facility Engineer |
Can manage daily operations: run bulk updates on sensor firmware, view who has access, add/remove users to the lab groups under their building, leave groups if moved |
Editor |
Technical staff or grad students |
They need to tweak sensor settings, maybe calibrate certain sensors, change alerts, but don’t need user management or billing |
Viewer |
Department heads, environmental health & safety, auditors |
Only need to see data, get alerts or reports, monitor what's happening; no changes |
Permission Matrix
Action |
Super-Admin |
Owner |
Lessor |
Tenant |
Admin |
Editor |
Viewer |
Create a new device |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Rename a device |
Yes |
Yes |
No |
Yes |
Yes |
No |
No |
Configure device (actually reconfigure) |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Update firmware |
Yes |
Yes |
No |
Yes |
Yes |
No |
No |
Reset password |
Yes |
Yes |
No |
Yes |
Yes |
No |
No |
Migrate device |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Assign new DPS |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Delete a device |
Yes |
Yes |
No |
No |
No |
No |
No |
Change device settings |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
No |
Perform bulk upgrade/settings (group) |
Yes |
Yes |
No |
Yes |
Yes |
No |
No |
Share group or manage user access |
Yes |
Yes |
No |
Yes |
Partial |
No |
No |
Transfer ownership |
Yes |
Yes |
No |
No |
No |
No |
No |
View user access list |
Yes |
Yes |
Partial |
Yes |
Yes |
No |
No |
Rename a group |
Yes |
Yes |
No |
No |
No |
No |
No |
Delete a group |
Yes |
Yes |
No |
No |
No |
No |
No |
Leave a group (self-remove) |
N/A |
No |
No |
No |
Yes |
Yes |
Yes |
Move a device between groups |
No |
Yes |
No |
No |
No |
No |
No |
View devices belonging to a group |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
View sensor data |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
Yes |
View device events |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
Yes |
Enable/disable Super-Admin access |
Yes |
Yes |
No |
Yes |
Yes |
No |
No |
Inviting Users to Groups
On the Devices page, click on one of your groups.

On the Group page, click on "Users".

On the Users page, click the plus icon.

Enter the new user's email address, select a role and click "Add".
The invited user will receive an email inviting them to the group.

The invited user will receive an invitation email. They must click the "Join" button in the email to be added to the group.

Changing Roles of Users
On the Users page, click the three dots next to a user's email address.

Click "Change Role..."

Select the chosen new role.

Click "Change" to confirm the new role.

Updating Firmware for all Devices in a Group
On the Devices page, click on one of your groups.

On the Group page, click on "Update Firmware".

Ensure the Link field is populated with an OSS FOTA link and press "Run".
