Skip to main content

Roles

Roles define access privileges and make sure users are managed efficiently. In Kisi Organizations (also known as Kisi 2.0) there are several different roles, depending on which level you want to share access: group, place or organization level.

A user can't have more than one role in the same place or group, but can have more than one place- or group-level roles for different places and groups. (e.g. place access manager for Place A and place administrator for Place B).

Organization-level roles

The resources listed are all referring to resources in the organization (e.g. Users with organization access manager rights can unlock any door in the organization)

Resource/RoleUser managerOrganization access managerOrganization administrator
Access Linksview, create, deleteview, create, delete
Analyticsviewview
Alert Policiesview, create, update, delete
Camerasview, create, delete
Capacity Managementview, create, update, delete
Cardsview, create, update, deleteview, create, update, deleteview, create, activate, update, delete
Doorsview, unlockview, unlock, create, update, delete
Elevatorsviewview, create, change settings, delete
Elevator stopsviewview, create, update, delete
Eventsviewview
Event reportsview, createview, create
Floorsviewview, create, update, delete
Groupsviewview, create, update, delete
Hardwareview, create, update, delete
Integrationsview, create, update, delete
Usersview, create, update, deleteview, create, update, deleteview, create, update, delete
User reportsview, createview, create
Placesviewview, create, update, delete
Access rights(*)view, create, update, deleteview, create, update, delete
Subscriptionsviewview
Time restrictionsview, create, update, deleteview, create, update, delete
Zonesview, create, update, delete, reset

(*) a user may not demote the permission level of a user with higher permissions than them, or assign a permission that's higher than their own permission level.

Place-level roles

The following table lists permissions available for roles on place level. Please note that the resources listed are meant on place level. (e.g. Users with place administrator rights can unlock doors only in that specific place where they have this role)

Resource/RolePlace door accessPlace access managerPlace administrator
Access Linksview, create, deleteview, create, delete
Analyticsviewview
Camerasview, create, delete
Capacity Managementview, create, update, delete
Doorsview, unlockview, unlockview, unlock, create, update, delete
Elevatorsviewview, create, change settings, delete
Elevator stopsviewviewview, create, update, delete
Floorsviewviewview, create, update, delete
Groupsview Place groupsview, create, update, delete Place groups
Hardwareview, create, update, delete
Integrationsview, create, update, delete
Usersview, add to Place groupsview, add/remove to/from Place groups
Placesviewviewview, update, delete
Access rights(*)view, create, update, deleteview, create, update, delete
Time restrictionsview, create, updateview, create, update, delete
Zonesview, create, update, delete, reset

(*) a user may not demote the permission level of a user with higher permissions than them, or assign a permission that's higher than their own permission level.

info

Place roles allow to add new/existing users to place groups. When adding a new user to a place group, the new user will appear in the list of all users. However, place roles don't give access to update or remove users and assign or deassign cards from them. Make sure to assign user manager organization role in addition to the place roles, if required.

note

Place groups contain doors only from the same place, and allow changes also by place administrators.

Group-level roles

The following table lists permissions available for roles on group level. Please note that the resources listed are meant on group level (e.g. users with group manager rights can unlock doors only in that specific group where they have this role)

Resource/RoleDoor accessGroup manager
Access Linksview, create, delete
Doorsview, unlockview, unlock
Elevator stopsview, get accessview, get access
Floorsviewview
Groupsview
Usersview
Placesviewview
Access rights(*)view, create, update, delete
Time restrictionsview, create, update

(*) a user may not demote the permission level of a user with higher permissions than them, or assign a permission that's higher than their own permission level.

info

Group manager is allowed to add new/existing users to their group. When adding a new user to a group, the new user will appear in the list of all users. However, group managers don't have access to update or remove users and assign or deassign cards from them. Make sure to assign user manager organization role in addition to the group manager role, if required.