Roles and site access for users
The text in this article primarily focuses on roles and site access for users, but it also applies to roles and site access for applications. |
The Roles and site access tab (via: menu Users > click on a user) lists the sites to which the user has been granted access and the roles the user has been assigned.
When creating a new user, you first grant the user access to sites, and in the next step, you grant feature permissions by assigning roles.
Additionally, existing users can modify their site access and assigned roles by using the three dots button on this page.
Granting site access to users
First, you choose which sites to give the user access to. This can be a selection of sites or the full organization. If you choose full organization, the user will have access to all sites, including sites added to the organization in the future.
Assigning roles to users
Before assigning roles, ensure that you have created the roles that match your desired organizational setup. More information on Roles. |
It's strongly recommended to have at least two administrators (users with the user management permission) within your organization. |
After granting site access, you grant the user feature permissions by assigning roles. A role can be assigned at either the organizational level or the site level. At the organization level, you can assign roles both via the Users tab per user and via the Roles tab per role. At the site level, you can only assign roles per user via the Users tab.
You can assign one or more roles to a user. If a user is assigned multiple roles, the sum of the permissions in the roles applies.
A role can potentially contain both site-specific and organization-wide permissions.
The following example illustrates the permissions that result when roles are assigned at both the organizational level and the site level.
a, d: organization-wide permissions* (can only be assigned at the organizational level)
b, c, e: site-specific permissions* (may be assigned at the site level)
* Indicated for all user permissions for Building Automation in the Explanation of user permissions in (Building Automation).
In this example, the user has been granted access to 2 of the 3 sites of this organization. The user has been assigned 2 roles, one at the organization level and one at the site level. Both roles contain organization-wide permissions (purple) as well as site-specific permissions (blue).
Permissions b and e, granted through role 1, apply to all sites to which you have given the user access
Permission d, granted through role 2, is a permission that cannot be granted at the site level as it is an organization-wide permission. As a result, this permission will not take effect for this user. Please note that you will be notified when assigning a role at the site level that contains organization-wide permissions.
Although it is recommended to utilize roles, it is also possible at the organizational level to grant user-specific permissions. To do this, go to the Feature permissions tab for the user (more info).
If the user’s permissions are changed, they may need to re-sign in for them to take effect. |