Custom Roles
Custom roles allow administrators to create roles tailored specifically to the organization's unique access requirements. Administrators can select specific permissions across resources to create a personalized access profile. Once created, custom roles can be assigned to users at the organization, place, or group level.
Important Limitations
- Maximum of 10 custom roles per organization.
- Each custom role is limited to one scope: organization, place, or group.
- Permissions available per scope match those of standard access rights and are viewable in the UI.
- Custom roles cannot be created from scratch; you must begin by selecting and modifying an existing role. To achieve minimal permissions, start with a basic role and remove unnecessary permissions.
Creating a Custom Role
- Navigate to Settings->Custom Roles tab.
- Select Add New Role.
- Select Scope.
- Define the role's Name and Description.
- Choose a role from "Create from another role".
- Click Add.
Assigning Custom Roles
Custom roles appear alongside standard roles when assigning access. Simply select the desired custom role from the dropdown when assigning roles to users.
Custom Role Permission Mapping
Permission | Name | Category |
---|---|---|
access_keys_read | View Digital Credentials | Digital Credentials |
access_keys_write | Manage Digital Credentials | Digital Credentials |
analytics_read | View Analytics | Insights |
apple_passes_read | View Apple Passes | Digital Credentials |
apple_passes_write | Manage Apple Passes | Digital Credentials |
cameras_read | View Cameras | Hardware |
cameras_write | Manage Cameras | Hardware |
camera_snapshots_read | View Camera Snapshots | Events |
camera_snapshots_write | Manage Camera Snapshots | Events |
camera_snapshot_sets_read | View Camera Snapshot Sets | Events |
capacities_read | View Capacities | Places |
capacities_write | Manage Capacities | Places |
card_assignments_read | View Card Assignments | Cards |
card_assignments_write | Manage Card Assignments | Cards |
cards_activate | Activate Cards | Cards |
cards_read | View Cards | Cards |
cards_write | Manage Cards | Cards |
csv_card_import_read | View CSV Card Import | Reports |
csv_card_import_write | Manage CSV Card Import | Reports |
csv_user_import_read | View CSV User Import | Reports |
csv_user_import_write | Manage CSV User Import | Reports |
custom_roles_read | View Custom Roles | Custom Roles |
custom_roles_write | Manage Custom Roles | Custom Roles |
dashboards_read | View Dashboards | Dashboards |
elevator_stops_permit | Permit Elevator Stops | Elevators |
elevator_stops_read | View Elevator Stops | Elevators |
elevator_stops_write | Manage Elevator Stops | Elevators |
elevators_read | View Elevators | Elevators |
elevators_write | Manage Elevators | Elevators |
event_export_reporters_read | View Event Export Reporters | Reports |
event_export_reporters_write | Manage Event Export Reporters | Reports |
events_read | View Events | Events |
event_retention_policies_read | View Event Retention Policies | Event Retention |
event_retention_policies_write | Manage Event Retention Policies | Event Retention |
floors_read | View Floors | Floors |
floors_write | Manage Floors | Floors |
groups_read | View Groups | Groups |
groups_write | Manage Groups | Groups |
group_elevator_stops_read | View Group Elevator Stops | Elevators |
group_elevator_stops_write | Manage Group Elevator Stops | Elevators |
group_links_read | View Digital Credentials | Digital Credentials |
group_links_write | Manage Digital Credentials | Digital Credentials |
group_locks_read | View Group Locks | Groups |
group_locks_write | Manage Group Locks | Groups |
group_terminals_read | View Group Access Points | Access Points |
group_terminals_write | Manage Group Access Points | Access Points |
group_zones_read | View Group Zones | Intrusion Detection |
group_zones_write | Manage Group Zones | Intrusion Detection |
guests_read | View Guests | Visitor Management |
guests_write | Manage Guests | Visitor Management |
hardware_read | View Hardware | Hardware |
hardware_write | Manage Hardware | Hardware |
incidents_read | View Incidents | Incidents |
incidents_write | Manage Incidents | Incidents |
incident_occurrences_read | View Incident Occurrences | Incidents |
incident_policies_read | View Incident Policies | Incidents |
incident_policies_write | Manage Incident Policies | Incidents |
integrations_read | View Integrations | Integrations |
integrations_write | Manage Integrations | Integrations |
intercom_completed_call_stream_read | View Intercom Completed Call Stream | Intercom |
invites_write | Manage Invites | Access Rights |
locks_read | View Locks | Doors |
locks_unlock | Unlock Locks | Doors |
locks_write | Manage Locks | Doors |
logins_read | View Logins | Logins |
logins_write | Manage Logins | Logins |
managed_devices_read | View Managed Devices | Managed Devices |
managed_devices_write | Manage Managed Devices | Managed Devices |
marketplace_app_shares_read | View Marketplace App Shares | Integrations |
marketplace_app_shares_write | Manage Marketplace App Shares | Integrations |
marketplace_installations_read | View Marketplace Installations | Integrations |
marketplace_installations_write | Manage Marketplace Installations | Integrations |
place_analytics_reporters_read | View Place Analytics Reporters | Reports |
place_analytics_reporters_write | Manage Place Analytics Reporters | Reports |
place_dashboard_read | View Place Dashboard | Dashboards |
places_read | View Places | Places |
places_write | Manage Places | Places |
reports_read | View Reports | Reports |
reports_write | Manage Reports | Reports |
role_assignments_read | View Role Assignments | Access Rights |
role_assignments_write | Manage Role Assignments | Access Rights |
scanned_card_read | View Scanned Card | Cards |
scanned_card_write | Manage Scanned Card | Cards |
scheduled_report_read | View Scheduled Report | Reports |
scheduled_report_write | Manage Scheduled Report | Reports |
schedules_read | View Schedules | Schedules |
schedules_write | Manage Schedules | Schedules |
shares_read | View Shares | Access Rights |
shares_write | Manage Shares | Access Rights |
teams_read | View Teams | Teams |
teams_write | Manage Teams | Teams |
team_memberships_read | View Team Memberships | Teams |
team_memberships_write | Manage Team Memberships | Teams |
terminals_read | View Access Points | Access Points |
terminals_trigger | Trigger Access Points | Access Points |
terminals_write | Manage Access Points | Access Points |
presence_export_reporters_read | View Presence Export Reporters | Reports |
presence_export_reporters_write | Manage Presence Export Reporters | Reports |
unlock_permission_export_reporters_read | View Unlock Permission Export Reporters | Reports |
unlock_permission_export_reporters_write | Manage Unlock Permission Export Reporters | Reports |
user_export_reporters_read | View User Export Reporters | Reports |
user_export_reporters_write | Manage User Export Reporters | Reports |
users_read | View Users | Users |
users_write | Manage Users | Users |
visualization_page_reporters_read | View Visualization Page Reporters | Insights |
visualization_page_reporters_write | Manage Visualization Page Reporters | Insights |
visualization_page_shares_read | View Visualization Page Shares | Insights |
visualization_page_shares_write | Manage Visualization Page Shares | Insights |
zones_override | Override Zones | Zones |
zones_read | View Zones | Zones |
zones_reset | Reset Zones | Zones |
zones_write | Manage Zones | Zones |
Suggestions and Use Cases
Scenario: Allowing a person to manage zones only. Initially, selecting these permissions seems logical:
- Override Zones
- View Zones
- Reset Zones
- Manage Zones
However, these permissions alone won't grant practical access to zones, as the user would see a "No place found" message. To properly manage zones, the user additionally needs:
- View Places permission to see available zones
- View Hardware permission to assign alarm controllers
- View Doors permission to assign doors
- View Users permission to assign alerts
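The zones scenario above can be checked before a role is saved. The sketch below is an added example, not code from the product: it uses permission identifiers from the mapping table, assumes "View Doors" corresponds to `locks_read`, and uses a constructed, hypothetical base role. It reports missing prerequisite permissions, what to strip from the base role, and which non-read/write permissions deserve review.

```python
# Permission identifiers are taken from the mapping table on this page.
# Dependency rule from the zones scenario. Mapping "View Doors" to locks_read
# is an assumption: the table lists View Locks under the Doors category.
DEPENDENCIES = {
    "zones_write": {"zones_read", "places_read", "hardware_read",
                    "locks_read", "users_read"},
}


def missing_dependencies(perms):
    """Return {permission: sorted missing prerequisites} for the given set."""
    gaps = {}
    for perm, needed in DEPENDENCIES.items():
        if perm in perms and not needed <= perms:
            gaps[perm] = sorted(needed - perms)
    return gaps


def action_permissions(perms):
    """Permissions whose verb is not read/write (unlock, override, reset, ...).
    They act on doors, alarms or cards, so they are listed for explicit review."""
    return sorted(p for p in perms
                  if p.rsplit("_", 1)[-1] not in ("read", "write"))


def plan_role(base, wanted):
    """Plan a custom role derived from an existing role's permission set."""
    final = set(wanted)
    for needed in missing_dependencies(final).values():
        final.update(needed)
    return {
        "final": sorted(final),
        "remove_from_base": sorted(set(base) - final),
        "add_to_base": sorted(final - set(base)),
        "review": action_permissions(final),
    }


# Constructed sample: a hypothetical base role, not a real standard role.
BASE_ROLE = {"zones_read", "zones_write", "places_read", "places_write",
             "locks_read", "locks_write", "locks_unlock", "users_read",
             "users_write", "hardware_read", "role_assignments_write"}
NAIVE_ZONE_ROLE = {"zones_override", "zones_read", "zones_reset", "zones_write"}

if __name__ == "__main__":
    print("gaps:", missing_dependencies(NAIVE_ZONE_ROLE))
    for key, value in plan_role(BASE_ROLE, NAIVE_ZONE_ROLE).items():
        print(f"{key}: {value}")
```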
Scenario: Allowing simplified management of users and credentials. In cases where staff should manage users, assign credentials, and access doors (if part of a group) without accessing full administrative functionality, the user needs:
- View and Manage Users permissions
- View and Manage Cards/Credentials permissions
- Unlock Locks permission (for door access within their assigned group)