Permissions
Contents:
^ Return to Account Management
Permissions allow account owners to provide additional users the ability to manage various aspects of their account and specified devices. These additional users are called Account Members.
Primary Owner
Since an account can have multiple owners, only the primary owner (person who created the account):
- Is responsible for billing
- Can delete the account
Roles
A role is a set of permissions. To view or create a new Role, go to the Roles tab.
Owner: This is a special role that exists for every account. It includes access to all permissions listed below and all account devices. This role cannot be deleted or changed.
Some features require a high level of responsibility so there are not permissions for those, instead we give access to the feature if the user has owner role on the account.
The current features that are only manageable by owners are:
- Manage account information
- Manage billing
- Manage roles and device permissions
Custom roles: Users can create an unlimited number of roles, specifying the name and the set of permissions that represent that role. These custom roles will not have access to permissions above only accessible to owners, but can include all or a subset of the permissions listed below.
To create a New Role click on the Add Role button.
Account Permissions
When Adding or Editing a Role, the permissions that can be granted to other users include the following:
- Manage Access Users
- Manage Access Guests
- Manage ACS Configuration - Only applicable for accounts that support ACS features
- Manage Devices - specifically, manage the settings of a device (Heartbeat Interval, Auto-lock mode, etc.
- Manage Locations
- Manage Schedules and Holiday Calendars
The word manage means: create, update and delete.
Note: If you do not give permission to Manage Access Users or Manage Access Guests, Account Members can still VIEW (not create, update or delete) Access Users or Access Guests for all doors and locks that they are given permissions for within Device Permissions. If you do not want them to see these Access Users, do not give them permissions to manage those locks in Device Permissions in the next step.
Device Permission
If an Account Member is invited with a role other than Owner, then Device Permissions will need to be set for the member. Remember, Owners get access to all devices.
Device Permissions are how you grant read access (or manage depending on user role) to a user for a Device, Device Group, Location or Account - ordered by descending level of granularity.
If a user is given access to devices for a Location for example, any device added to that location will be accessible to that user automatically.
Sample Workflow
Rob signs up for an account
- An account is created
- He gets an owner role in this account
- He is also the primary owner of this account since he created it
Rob creates the role HR Manager with permission Manage Access Users
Rob invites Denise to have the HR Manager role
- Denise receives an invitation e-mail and signs up
- Step #1 takes place for Denise's own account
- Denise gets assigned to role HR Manager in Rob's account
- Denise receives an invitation e-mail and signs up
Rob gives the "Device Permission" at the "Denver Office" location level to Denise.
- Now Denise can create access users to the new employees and give them access to locks of Denver Office
Rob invites Nolan to also become an owner of his account
- Nolan receives an invitation e-mail and signs up
- Step #1 takes place for Nolan's own account
- Nolan gets assigned to role owner in Rob's account
- Nolan gets access to all account devices
- Nolan receives an invitation e-mail and signs up