Access Rights
Access rights (i.e., roles) define access privileges and make sure users are managed efficiently. In Kisi there are several different roles, depending on which level you want to share access: group, place or organization level.
A user can't have more than one role in the same place or group, but can have more than one place- or group-level roles for different places and groups. (e.g. place access manager for Place A and place administrator for Place B).
Organization-level access rights
The resources listed are all referring to resources in the organization (e.g. Users with organization access manager rights can unlock any door in the organization).
The organization owner access right cannot be assigned through the UI. Only one individual can hold the organization owner role. If required, the organization can be transfered to another user.
Resource/Role | Observer | User manager | Organization access manager | Organization administrator | Organization owner (not assignable via the UI) |
---|---|---|---|---|---|
Access links | view | view, create, delete | view, create, delete | view, create, delete | |
Access rights(*) | view | view, create, update, delete (except: create place administrator rights) | view, create, update, delete | view, create, update, delete | |
Access schedules | view | view | view, create, update, delete | view, create, update, delete | |
Analytics | view | view | view | view | |
Alert policies | view, create, update, delete | view, create, update, delete | |||
Cameras | view | view, create, delete | view, create, delete | ||
Capacity Management | view | view | view, create, update, delete | view, create, update, delete | |
Cards | view, create, update, delete | view, create, activate, deactivate, update, delete | view, create, activate, deactivate, update, delete | view, create, activate, deactivate, update, delete | |
CSV card imports | view, create | view, create | view, create | ||
CSV user imports | view, create | view, create | view, create | ||
Door lockdown | view | enable, disable | enable, disable | ||
Doors | view | view, unlock | view, unlock, create, update, delete | view, unlock, create, update, delete | |
Elevators | view | view | view, create, change settings, delete | view, create, change settings, delete | |
Elevator stops | view | view | view, create, update, delete | view, create, update, delete | |
Events | view | view | view | view | |
Event reports | view, create | view, create | view, create | view, create | |
Floors | view | view | view, create, update, delete | view, create, update, delete | |
Groups | view | view | view, create, update, delete | view, create, update, delete | |
Hardware | view | view, create, update, delete | view, create, update, delete | ||
Insights | view, create | view, create | view, create | view, create | |
Integrations | view, create, update, delete | view, create, update, delete | |||
Logins | view, delete | view, delete | |||
Place lockdown | view | enable, disable | enable, disable | ||
Places | view | view | view, create, update, delete | view, create, update, delete | |
Report schedules | view, create | view, create | view, create | view, create | |
Subscriptions | view | view | |||
Unlock schedules | view | view, create, update, delete | view, create, update, delete | view, create, update, delete | |
Users | view | view, create, update, delete | view, create, update, delete | view, create, update, delete | view, create, update, delete |
User reports | view, create | view, create | view, create | view, create | |
Visitor Management | view, create, update, delete | view, create, update, delete | |||
Zones | view, create, update, delete, reset | view, create, update, delete, reset |
(*) a user may not demote the permission level of a user with higher permissions than them, or assign a permission that's higher than their own permission level.
Place-level access rights
The following table lists permissions available for access rights on place level. Please note that the resources listed are meant on place level. (e.g. Users with place administrator rights can unlock doors only in that specific place where they have this role)
Resource/Role | Place door access | Place access manager | Place administrator |
---|---|---|---|
Access links | view, create, delete | view, create, delete | |
Access rights(*) | view, create, update, delete | view, create, update, delete | |
Access schedules | view | view, create, update | |
Analytics | view | view | |
Cameras | view, create, delete | ||
Capacity Management | view, create, update, delete (except: who is to be notified) | ||
Door lockdown | enable, disable | ||
Doors | view, unlock | view, unlock | view, unlock, create, update, delete |
Elevators | view | view, create, change settings, delete | |
Elevator stops | view | view | view, create, update, delete |
Floors | view | view | view, create, update, delete |
Groups | view Place groups | view, create, update, delete Place groups | |
Hardware | view, create, update, delete | ||
Integrations | view, create, update, delete | ||
Place lockdown | enable, disable | ||
Places | view | view | view, update, delete |
Unlock schedules | view, create, update | view, create, update, delete | |
Users | view, add to Place groups | view, add/remove to/from Place groups | |
Zones | view, create, update, delete, reset |
(*) a user may not demote the permission level of a user with higher permissions than them, or assign a permission that's higher than their own permission level.
Place roles allow to add new/existing users to place groups. When adding a new user to a place group, the new user will appear in the list of all users. However, place roles don't give access to update or remove users and assign or deassign cards from them. Make sure to assign user manager organization role in addition to the place roles, if required.
Place groups contain doors only from the same place, and allow changes also by place administrators.
Group-level access rights
The following table lists permissions available for access rights on group level. Please note that the resources listed are meant on group level (e.g. users with group manager rights can unlock doors only in that specific group where they have this role)
Resource/Role | Door access | Group manager |
---|---|---|
Access links | view, create, delete | |
Access rights(*) | view, create, update, delete | |
Doors | view, unlock | view, unlock |
Elevator stops | view, get access | view, get access |
Floors | view | view |
Groups | view | |
Places | view | view |
Users | view |
(*) a user may not demote the permission level of a user with higher permissions than them, or assign a permission that's higher than their own permission level.
Group manager is allowed to add new/existing users to their group. When adding a new user to a group, the new user will appear in the list of all users. However, group managers don't have access to update or remove users and assign or deassign cards from them. Make sure to assign user manager organization role in addition to the group manager role, if required.
Access rights overview
The Access rights tab in the left-hand navigation is your go-to page to:
- get an instant overview of all users and their roles on group, place, and organization level
- find specific users by filtering by role (e.g. show all Access managers on the Place level)
- share access rights