API Security Rights

Written By Sam Walton (Super Administrator)

Updated at August 22nd, 2024

Applies to version 2023.02 or higher

The security model in the IBSS platform has been enhanced to include app security rights as well as data model security rights. Roles are set up in Admin Portal > Setup > Roles & Data Security > the App Settings tab.

Note: To set up roles for your organisation or edit permissions, please contact IBSS support.

App Security vs Data Model Security

App security rights determine what a user with this role is allowed to do on the IBSS platform, whilst data model security rights determine what data the user can create, read, update, and delete in the IBSS platform.

Granting an app security right requires applying it to a building that is listed in the panel under Building permissions on the right.

Note: Admin Portal has this look starting with version 2023.01.

API Security Rights

| Right | APPLIESTO | Description |
|---|---|---|
| API.Visits.Approve | yes | Can approve visits |
| API.Visits.Deny | yes | Can deny visits |
| API.Visits.Cancel | yes | Can cancel visits |
| API.Visits.CheckIn | yes | Can check in a visit |
| API.Visits.CheckOut | yes | Can check out of a visit |
| API.Visits.V2 | | Enables access to V2 visitor functionality |
| API.Visits.Export | | Can export visitors list |
| API.Visits.Import | | Can import visitors list |
| API.Visits.Create | | Can create visitors |
| API.Spaces.CheckIn | | Can check into a space |
| API.Spaces.CheckInOnBehalfOf | | Can check in on behalf of someone else |
| API.Spaces.CheckOut | | Can check out of a space |
| API.Spaces.Reserve | | Can reserve a space |
| API.Spaces.Disable | | Can disable a space |
| API.Spaces.Enable | | Can enable a space |
| API.Spaces.ChangeTemperature | | Can control the temperature of a space |
| API.Spaces.ChangeLighting | | Can control the lighting level of a space |
| API.Spaces.ChangeAv | | Can control the AV of a space |
| API.Spaces.ChangeBlinds | | Can control the blinds of a space |
| API.Spaces.AdminBookableOnly | | Can book a space marked as AdminBookableOnly |
| API.Spaces.V2 | | Enables access to V2 API |
| API.Tasks.Assign | | Can assign a task to a resolver |
| API.Tasks.Reallocate | | Can re-allocate a task to another resolver |
| API.Tasks.Cancel | | Can cancel a task |
| API.Tasks.SetInProgress | | Can start a task |
| API.Tasks.Unassign | | Can un-assign a task from a resolver |
| API.Tasks.Resolve | | Can mark the task as resolved |
| API.Tasks.ChangePriority | | Can change the priority of a task |
| API.Tasks.Notify | | Can send out task notifications |
| API.Tasks.Export | | Can export tasks |
| API.Tasks.Import | | Can import tasks |
| API.Equipment.Disable | | Can enable equipment |
| API.Equipment.Enable | | Can disable equipment |
| API.Bookings.BookOnBehalfOf | no | Can book on behalf of someone else |
| API.Bookings.BookLinkedSpaceWork | | Can book a linked space of class Work |
| API.Bookings.BookLinkedSpaceSupport | | Can book a linked space of class Support |
| API.Bookings.BookLinkedSpaceAmenity | | Can book a linked space of class Amenity |
| API.Bookings.IgnoreTimeHorizon | yes | Can ignore limitations of booking time horizon |
| API.Bookings.BookOutsideWorkingHours | yes | Can book outside of working hours |
| API.Bookings.BookOutsideOfficeHours | yes | Can book outside of office hours |
| API.Bookings.BookUnlimitedSpaces | yes | Can book unlimited spaces |

If this permission is not granted, the role is limited to booking one space of each type for a given period of time. For example:

  • ✅ They can book a desk for the day and a meeting room for any time during that day.
  • ❌ But they cannot book two meeting rooms with overlapping time slots, nor can they book two desks for the same time.

| Right | APPLIESTO | Description |
|---|---|---|
| API.Bookings.IgnoreAllPolicyRestrictions | yes | Can ignore limitations of booking policy |
| API.Bookings.AssignCostCode | | Can assign cost codes to bookings; this right shows the panel on the create/edit bookings page |
| API.Bookings.AddOnlineMeetingLink | | Can add online meeting link |
| API.Bookings.V2 | | Enables access to V2 API |
| API.Bookings.Approve | | Can approve a booking that requires approval |
| API.Bookings.Deny | | Can reject a booking that requires approval |
| API.Bookings.BookRecurring | | Can create recurring bookings |
| API.Bookings.Export | | Can export bookings |
| API.IdentityProvider.SyncNow | | Can trigger an AAD sync |
| API.Users.ResetPassword | | Can reset a user password |
| API.Users.Search | | Can search for a user |
| API.Files.Read | | Can read server-side files |
| API.Files.Create | | Can create server-side files |
| API.Files.Update | | Can update server-side files |
| API.Files.Delete | | Can delete server-side files |
| API.Files.DeletePath | | Can delete a server-side file path |
| API.Files.Download | | Can download files |
| API.Catering.AssignCostCode | | Can assign cost code for catering |
| API.Catering.Notify | no | Can send out catering notifications |
| API.Catering.Approve | no | Can approve catering requests |
| API.Catering.V2 | | Enables access to Catering. Must be enabled for any of the Catering permissions to work. |
| API.Devices.RestartDevice | | Can restart device |
| API.Devices.TerminateApp | | Can terminate app |
| API.Devices.RestartApp | | Can restart app |
| API.Devices.ClearCache | | Can clear device cache |
| API.Devices.Navigate | | Can force the app to go to a particular page |
| API.CostCodes.V2 | | Enables access to Cost Codes V2 API |