This article relates to managing access groups and roles. Please note that you can have multiple shares for the same group or place. Kisi will allow access if at least one of the shares permits access. This means permissive groups override non-permissive groups.
Standard Kisi Place
A user can be issued different roles which will determine what features they can edit. The diagram below gives a general overview of the differences between a regular user, observer, manager, administrator and place owner.
On Kisi's standard plan you can create unlimited managers.
| Access Only |
Groups |
Groups Manager | Place Observer |
Place Manager |
Place Administrator | Place Owner | |
| Access doors for this place | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| View member access to this group | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| View member access to this place | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ |
| View restrictions for this place | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
| Edit shares for members in group | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ |
| Edit shares for members in place | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
| Manage restrictions for this place | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Manage groups for this place | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Manage doors for this place | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Manage integrations for this place | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Update billing information | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Transfer place to new Owner | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
API keys can only be created by entire place admins or place owners. They should only be created by place owners to avoid the API key becoming invalid when a place admin looses their admin rights.
To assign a place wide admin, go to the member, scroll to the bottom to "memberships" and click on "entire place".
On the bottom click on "Role" and change it to "Place Administrator":
Organizations
In general, the Groups (they are called Teams in Organizations) are the same thing as Groups in your old account.
| Basic User |
Organizations Manager |
Team Administrator | Organizations Administrator | Organizations Owner | |
| Can access doors for this place | ✅ | ✅ | ✅ | ✅ | ✅ |
| Can view member access to their team | ❌ | ✅ | ✅ | ✅ | ✅ |
| Can view restrictions for their team | ❌ | ✅ | ✅ | ✅ | ✅ |
| Can add/delete shares for members in their team | ❌ | ✅ | ✅ | ✅ | ✅ |
| Can create Event and Member Exports | ❌ | ✅ | ✅ | ✅ | ✅ |
| Can manage schedules | ❌ | ✅ | ✅ | ✅ | ✅ |
| Can manage restrictions for this place | ❌ | ❌ | ✅ | ✅ | ✅ |
| Can manage teams for this organization | ❌ | ❌ | ❌ | ✅ | ✅ |
| Can manage doors for this organization | ❌ | ❌ | ❌ | ✅ | ✅ |
| Can manage integrations for this organization | ❌ | ❌ | ❌ | ✅ | ✅ |
| Can update billing information | ❌ | ❌ | ❌ | ✅ | ✅ |
| Can create new organizations administrators | ❌ | ❌ | ❌ | ✅ | ✅ |
| Can view and configure SSO/SCIM | ❌ | ❌ | ❌ | ❌ | ✅ |
API keys can only be created by Organization Administrators or Organization Owners. As a best practice, we recommend creating API keys from the Organization Owners account, to avoid the API key becoming invalid when an organization admin loses their admin rights.