Skip to main content

Roles

Roles define access privileges and make sure users are managed efficiently. In Kisi there are several different roles, depending on which level you want to share access: group, place or organization level.

A user can't have more than one role in the same place or group, but can have more than one place- or group-level roles for different places and groups. (e.g. place access manager for Place A and place administrator for Place B).

Organization-level roles

The resources listed are all referring to resources in the organization (e.g. Users with organization access manager rights can unlock any door in the organization).

info

The organization owner role cannot be assigned through the UI. Only one individual can hold the organization owner role. If required, the organization can be transfered to another user.

Resource/RoleObserverUser managerOrganization access managerOrganization administratorOrganization owner (not assignable via the UI)
Access linksviewview, create, deleteview, create, deleteview, create, delete
Access rights(*)viewview, create, update, delete (except: create place administrator rights)view, create, update, deleteview, create, update, delete
Access schedulesviewviewview, create, update, deleteview, create, update, delete
Analyticsviewviewviewview
Alert policiesview, create, update, deleteview, create, update, delete
Camerasviewview, create, deleteview, create, delete
Capacity Managementviewviewview, create, update, deleteview, create, update, delete
Cardsview, create, update, deleteview, create, activate, deactivate, update, deleteview, create, activate, deactivate, update, deleteview, create, activate, deactivate, update, delete
CSV card importsview, createview, createview, create
CSV user importsview, createview, createview, create
Door lockdownviewenable, disableenable, disable
Doorsviewview, unlockview, unlock, create, update, deleteview, unlock, create, update, delete
Elevatorsviewviewview, create, change settings, deleteview, create, change settings, delete
Elevator stopsviewviewview, create, update, deleteview, create, update, delete
Eventsviewviewviewview
Event reportsview, createview, createview, createview, create
Floorsviewviewview, create, update, deleteview, create, update, delete
Groupsviewviewview, create, update, deleteview, create, update, delete
Hardwareviewview, create, update, deleteview, create, update, delete
Integrationsview, create, update, deleteview, create, update, delete
Loginsview, deleteview, delete
Place lockdownviewenable, disableenable, disable
Placesviewviewview, create, update, deleteview, create, update, delete
Report schedulesview, createview, createview, createview, create
Subscriptionsviewview
Unlock schedulesviewview, create, update, deleteview, create, update, deleteview, create, update, delete
Usersviewview, create, update, deleteview, create, update, deleteview, create, update, deleteview, create, update, delete
User reportsview, createview, createview, createview, create
Visitor Managementview, create, update, deleteview, create, update, delete
Zonesview, create, update, delete, resetview, create, update, delete, reset

(*) a user may not demote the permission level of a user with higher permissions than them, or assign a permission that's higher than their own permission level.

Place-level roles

The following table lists permissions available for roles on place level. Please note that the resources listed are meant on place level. (e.g. Users with place administrator rights can unlock doors only in that specific place where they have this role)

Resource/RolePlace door accessPlace access managerPlace administrator
Access linksview, create, deleteview, create, delete
Access rights(*)view, create, update, deleteview, create, update, delete
Access schedulesviewview, create, update
Analyticsviewview
Camerasview, create, delete
Capacity Managementview, create, update, delete (except: who is to be notified)
Door lockdownenable, disable
Doorsview, unlockview, unlockview, unlock, create, update, delete
Elevatorsviewview, create, change settings, delete
Elevator stopsviewviewview, create, update, delete
Floorsviewviewview, create, update, delete
Groupsview Place groupsview, create, update, delete Place groups
Hardwareview, create, update, delete
Integrationsview, create, update, delete
Place lockdownenable, disable
Placesviewviewview, update, delete
Unlock schedulesview, create, updateview, create, update, delete
Usersview, add to Place groupsview, add/remove to/from Place groups
Zonesview, create, update, delete, reset

(*) a user may not demote the permission level of a user with higher permissions than them, or assign a permission that's higher than their own permission level.

info

Place roles allow to add new/existing users to place groups. When adding a new user to a place group, the new user will appear in the list of all users. However, place roles don't give access to update or remove users and assign or deassign cards from them. Make sure to assign user manager organization role in addition to the place roles, if required.

note

Place groups contain doors only from the same place, and allow changes also by place administrators.

Group-level roles

The following table lists permissions available for roles on group level. Please note that the resources listed are meant on group level (e.g. users with group manager rights can unlock doors only in that specific group where they have this role)

Resource/RoleDoor accessGroup manager
Access linksview, create, delete
Access rights(*)view, create, update, delete
Doorsview, unlockview, unlock
Elevator stopsview, get accessview, get access
Floorsviewview
Groupsview
Placesviewview
Usersview

(*) a user may not demote the permission level of a user with higher permissions than them, or assign a permission that's higher than their own permission level.

info

Group manager is allowed to add new/existing users to their group. When adding a new user to a group, the new user will appear in the list of all users. However, group managers don't have access to update or remove users and assign or deassign cards from them. Make sure to assign user manager organization role in addition to the group manager role, if required.

Access rights overview

The Access rights tab in the left-hand navigation is your go-to page to:

  • get an instant overview of all users and their roles on group, place, and organization level
  • find specific users by filtering by role (e.g. show all Access managers on the Place level)
  • share access rights
Last updated on by KatalinH16