Roles determine the level of access a user has for Alumio. An available role gets assigned specific resource rules. The resource rules, in turn, allow actions to be performed on the API.

To register additional resources, use the guide to define role resources.

The following three roles are assigned to users.


When no specific user is logged in, the API is accessed by an anonymous user with the role IS_AUTHENTICATED_ANONYMOUSLY. This is used to allow webhooks access to the API.


All logged-in users are provided the ROLE_USER role, which results in read-only access to the API. Configuration, data, and statistics can be shown in the UI, yet updating configuration and adding or removing users is prohibited.

Additional users may be added to only inherit this role.


This role is automatically inherited for users that match any whitelisted domain. This role has full access to all API operations, which is reflected in the UI.