This article relates to managing access groups and roles. Please note that you can have multiple shares for the same group or place. Kisi will allow access if at least one of the shares permits access. This means permissive groups override non-permissive groups.
Kisi has a number of user roles that are key to managing people. Users and members are essentially equivalent terms; it's the broadest definition for all people who are invited and have access to your place(s).
In this article, we will cover the user roles and permissions for:
Understanding Kisi user roles
The most important and powerful role in Kisi is the account Owner (Place Owner/Organization Owner). It is only possible to set up 1 Owner account and as such, we recommend that role be assigned to a generic email address (e.g. it@company.com).
API keys can only be created by Place/Organization Owners or Place/Organization Administrators. We recommend generating API keys from the place Place/Organization Owner account to avoid the API key becoming invalid when a user loses their Administrator rights.
User roles differ based on the version of Kisi you are using (Standard vs Organizations) and can be defined at the Place/Organization and Group/Team levels.
To assign a role at the Place/Organization level:
- Sign in to your Kisi account
- Click on Members/Users
- Open the Member/User profile and under Permissions, click on the ••• (more) button next to Role
- Click Save
To assign a role at the Group/Team level:
- Sign in to your Kisi account
- Click on Members/Users
- Open the Member/User profile and scroll down to Memberships/Teams and click on the Group/Team that you want to edit
- Under Role, click the ••• (more) button next to Role
- Click Save
Kisi Standard Place
A user can be issued different roles which will determine what features they can edit. The diagram below gives a general overview of the differences between a regular user, observer, manager, administrator and place owner.
On Kisi's standard plan you can create unlimited managers.
Basic User |
Groups |
Groups Manager | Place Observer* |
Place Manager |
Place Administrator | Place Owner | |
Access doors for this place | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
View member access to this group | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
View member access to this place | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ |
View restrictions for this place | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
Edit shares for members in group | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ |
Edit shares for members in place | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
Manage restrictions for this place | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
Manage groups for this place | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
Manage doors for this place | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
Manage integrations for this place | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
Update billing information | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
Transfer place to new Owner | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
*Observer roles have been deprecated in early 2021.
Kisi Organizations
In general, the Groups (they are called Teams in Organizations) are the same thing as Groups in your old account.
Basic User |
Organizations Manager |
Team Administrator | Organizations Administrator | Organizations Owner | |
Can access doors for this place | ✅ | ✅ | ✅ | ✅ | ✅ |
Can view member access to their team | ❌ | ✅ | ✅ | ✅ | ✅ |
Can view restrictions for their team | ❌ | ✅ | ✅ | ✅ | ✅ |
Can add/delete shares for members in their team | ❌ | ✅ | ✅ | ✅ | ✅ |
Can create Event and Member Exports | ❌ | ✅ | ✅ | ✅ | ✅ |
Can manage schedules | ❌ | ✅ | ✅ | ✅ | ✅ |
Can manage restrictions for this place | ❌ | ❌ | ✅ | ✅ | ✅ |
Can manage teams for this organization | ❌ | ❌ | ❌ | ✅ | ✅ |
Can manage doors for this organization | ❌ | ❌ | ❌ | ✅ | ✅ |
Can manage integrations for this organization | ❌ | ❌ | ❌ | ✅ | ✅ |
Can update billing information | ❌ | ❌ | ❌ | ✅ | ✅ |
Can create new organizations administrators | ❌ | ❌ | ❌ | ✅ | ✅ |
Can view and configure SSO/SCIM | ❌ | ❌ | ❌ | ❌ | ✅ |