Managing users

To be honest @iryna_l, the way that these default users are configured is crazy, and Blynk is crippling the product by keeping these defaults, and in my opinion that’s bad for Blynk as well as for users.

Blynk Legacy had an app sharing system which allowed non-admin users to use the app, but not edit the app layout or clear the historical data from charts etc.
This was a great way to give family members access to a project without them being able to break anything.

Because the “user” role has no ability to control or even view devices it is of no use at all in the user hierarchy, unless you’re a Pro subscriber - at which point you can edit these permissions.

The next access level up - “staff” can see and control devices, but it has too many permissions. It can not only see and control devices owned by a user with that level of access, it can also see and control ALL devices within the organisation.
In addition, a user with “Staff” access can even do things like change the organisation name - which I would have expected to be at least an “Admin” level function, if not something restricted to the person with Developer status.

I flagged these issues up with @Pavlo here, and as you can see he said that the lack of permissions for the “User” role was intentional for corporate security…

yet later he said that this lack of permissions for the “User” role looked like a bug…

If locked-down default permissions are an issue for corporate security, then why does the “Staff” role have such a large leap in security access, and have the ability to change the organisation name?

I realise that Blynk’s aim is to prevent abuse of the system, and to ensure that it’s only the Pro and White Label subscribers that can effectively use Blynk for commercial purposes, but by doing this, even Plus subscribers have less functionality when it comes to sharing projects than they had in Legacy.

One of @Pavlo’s recent responses to the issue of not being able to restrict users to only one device was:

As Blynk allows Plus plan subscribers to have up to 20 devices, that doesn’t seem like a very sensible or rounded approach to device security.

Surely the answer is to review the default access levels for the “User”, “Staff” and “Admin” roles so that they have more meaningful and appropriate permissions, allowing Plus and Basic subscribers to allow family members to use some devices without having access to all of them, and without the other undesirable permissions that come with the minimum usable role of “Staff”?

Pete.

6 Likes