Skip to main content

Managing access rights

Managing access through groups#

Not all users may need access to all doors or floors, or the same access restrictions may not need to apply uniformly to all members.

To manage access and restrictions on a granular level, use groups to apply the same settings for door or elevator access with a subset of members.

By default, for each place, there is a group called “Entire place”. But you can create as many groups as you need.

To create a new group through the API, you need to provide at least a name. Then, once the group is created, locks (doors) and elevator stops (floors) need to be added to grant group members access.

Group locks#

Linking a group to certain locks will give members of that group access to only those locks, applying particular restrictions when needed.

To create these associations, you can create group locks one by one through the API endpoint or you can provide a list using the locks_to_assign field in the create a new group endpoint mentioned above.

Group elevator stops#

A group elevator stop is an association between an elevator stop and a group. They are created automatically when associating elevator stops to groups.

To create group elevator stops, you can do it one by one through the API endpoint or you can add a list of elevator stops when creating a new group, using the elevator_stops_to_assign field in the create a new group endpoint.

Sharing access#

To allow users access with their credentials, you need to share access with them. In Kisi this is done by adding users as members of a group. The group will determine the doors and floors to which the user has access and the restrictions that apply to them.

The share is what grants access to the member to a certain group. A share is a register that is created for a member when they are added to a group.

If you don't have a group yet, make sure you create one, as explained above.

To share access, first, you need to create a member. To create a member through the API endpoint, only the place id and email are required to be sent through a POST call.

Then you need to create a new share making a POST call to the API, sending at least the user email and the group id.

Removing members and shares#

Among the most common tasks that Kisi administrators perform, are the removal of members and shared accesses.

From the Members tab in the management dashboard, you can search for the member you want to remove and delete them using the trash icon. You can also delete a member using the Delete member button of the member detail. This will completely remove the member and the shared accesses the member is assigned to.

To remove a member through the API, make a DELETE call to the members' endpoint, passing the member id.

To remove only the shared access, you have to enter in the user detail and look for Memberships in the management dashboard. Delete the membership by clicking on the corresponding trash icon.

For Organization subscriptions, you can also delete a share from the detail of a team, in the Users tab, using the corresponding trash icon.

To delete a share through the API, make a DELETE call to the shares endpoint, passing the share id.