Define or modify permissions and data security options for the roles within your organisation in Admin Portal > Setup > Roles & Data Security page.
Editing a role
Note: To request the editing roles for your organisation, please contact IBSS support.
To make any changes to the permissions, select a role for which you want to modify permissions. The four tabs with role permissions open:
- Role Details
- App Settings
- Data Security
- Users
Role Details
Roles are created according to AAD roles of the organisation. Also we can create native roles for various needs.
In the Role Details tab, you can:
- Change the role name
- (not editable) Identity Provider Type
- Enable or disable the ownership granted for this role
App Settings
App Settings determine security rights for what a user is allowed to do on the IBSS platform.
There are the following sections with the corresponding settings:
- ROAMER
Read more about the settings here: Roamer Security Rights - ONELENS360
Read more about the settings here: OneLens360 Security Rights - FLEX
Read more about the settings here: Flex Security Rights - ADMINPORTAL
- API
Read more about the settings here: API Security Rights
Adding the +ADD button for Visitors in Flex
- Add the “Create” line under API > Visits within the JSON script.
Removing the Export button for Booking List, Visitor List, Tasks, and Spaces in OneLens
Removing the Export button for a user role
📌 Applies to app versions up to 2024.01.
The Export button is enabled for all user roles in OneLens on the following pages:
- Booking List
- Visitor List
- Tasks
- Spaces
Note: To request the Export button to be disabled, please contact IBSS support.
To disable the Export button for a certain role, do the following:
- In Admin Portal, go to Setup > Roles & Data Security.
- Select a role that you want to disable the Export button for.
- Open the App Settings tab.
- Click View JSON Script at the bottom left.
- In the popup, under ONELENS360 section, remove “Export”.
- Click Ok.
- Click Save to confirm your changes.
Now, users with this role assigned will not have the Export button on the mentioned pages.
Data Security
Data model security rights determines what data the user can create, read, update and delete in the IBSS platform.
Data Model Security
The security model in the IBSS platform has been enhanced to include app security rights as well as data model security rights.
App Security vs Data Model Security
App security rights determine what a user is allowed to do on the IBSS platform whilst data model security rights determines what data the user can create, read, update and delete in the IBSS platform.
Data Model Rights
The IBSS Platform provides Data Model rights on the following functions in a record:
- Create - the ability to create a new record of that type.
- Read - the ability to read a record.
- Update - the ability to modify a record.
- Delete - the ability to remove a record.
- Lock - the ability to lock a record (not used).
- Unlock - the ability to unlock a record (not used).
- Share - the ability to share rights to the record with another entity.
For each of these rights, the following levels can be applied:
- None - no rights.
- Basic - rights apply only to records owned by me.
- Local - rights apply to records which are owned by any role that I belong to.
- Deep - rights apply to records which are owned by any role (or parent role) that I belong to.
- Global rights apply to all records of that type.
Note: To amend Data Model rights, please contact IBSS support.
The following lists the record types to which Data Model security can be applied:
Event Type |
Description [Type] |
|---|---|
BookingParties |
Stores data about parties of a booking. [Data] |
| BookingPolicies | Stores data about booking policies. [Data] |
BookingSpaces |
Stores information used for Linked Spaces. [Data] |
Bookings |
Stores booking information. [Data] |
BookingsDailySummary |
Stores daily summary of bookings. [Data] |
BuildingKPIs |
Stores BuildingKPI configuration. [Config] |
| CateringMenuItems | Stores all orderable catering items per building. [Data] |
| CateringMenus | Stores a collection of Catering items per building defined by a from and to date. [Data] |
| CateringOrderPolicies | Stores the pantry/kitchen operating hours and preparation times for catering items per building. [Config] |
| CateringOrders | Stores orders associated to bookings. [Data] |
| CateringRestrictions | Stores common restrictions (dietary and allergen) across an organisation that can be associated with catering items. [Data] |
| CateringSuppliers | Stores a list of suppliers per organisation that may supply catering items. [Data] |
CostCodes |
Stores CostCodes information. [Data] |
Devices |
Stores Device configuration. [Config] |
DeviceStatus |
Stores feedback from deployed devices. [Data] |
EnvironmentalFloorData |
Stores summarised environmental data per floor. [Data] |
EnvironmentalSensors |
Stores information about environmental sensors. [Config + Data] |
EnvironmentalZoneDailySummary |
Stores daily summary environmental information. [Data] |
EnvironmentalZoneData |
Stores real-time environmental information. [Data] |
EnvironmentalZoneSummary |
Stores 30 minute summary environmental information. [Data] |
EnvironmentalZones |
Stores environmental zone configuration. [Config] |
Equipment |
Stores equipment information. [Config + Data] |
| IdentityProviders | Stores identity provider details of the organisation. [Config] |
Nodes |
Stores node hierarchy (Organisation > Floor level). [Config] |
NotificationRules |
Stores notification rules information. [Data] |
Notifications |
Stores generated notifications. [Data] |
Parameters |
Stores parameter information. [Config + Data] |
ResolversCategories |
Stores link information between resolvers and task categories. [Data] |
ResolversDailySummary |
Stores daily summary by resolver. [Data] |
RoleDataSecurity |
Stores information about what rights each role has. [Data] |
Roles |
Stores role information. [Data] |
| Signage | Stores signage information (Deprecated) |
SpaceCateringMenu |
Stores catering information. [Config + Data] |
SpaceInformation |
Stores Space Information. [Data] |
SpaceStates |
Stores state information for each Space State. [Config] |
SpaceUtilisationSummary |
Stores live summary data for spaces. [Data] |
SpaceZones |
Stores zone to space associations. [Data] |
Spaces |
Stores spaces information. [Config + Data] |
SpacesDailySummary |
Stores daily summary of space usage. [Data] |
| SpacesMonthlySummary | Stores monthly summary of space usage (Deprecated) |
SpacesSpaceInformation |
Stores link between spaces and space information. [Config] |
SpacesSummary |
Stores 15 minute summary data of spaces. [Data] |
SupportedVersions |
Stores supported versions of client apps. [Data] |
TaskCategories |
Stores Task categories information. [Data] |
TaskStates |
Stores state information for each Task State. [Data] |
TaskTypes |
Stores config information about a task. [Config] |
Tasks |
Stores generated task information. [Data] |
TasksDailySummary |
Stores daily summary of tasks. [Data] |
UserNotifications |
Stores users to notifications information. [Data] |
UserRoles |
Stores the role association of a user. [Data] |
Users |
Stores user information. [Data] |
Visitors |
Stores visitor information. [Data] |
Visits |
Stores visit information. [Data] |
VisitsDailySummary |
Stores daily summary of visits. [Data] |
Permissions required for Cost Codes
Permissions required for Cost Codes
Depending on the configuration of your IBSS Platform deployment, cost codes may be available to you to use when booking certain types of spaces.
Cost codes are enabled in Admin Portal.
Note: To enable cost codes for your organisation, please contact IBSS support.
To enable cost codes:
- Go to Security > Roles, and then select the role you wish to enable cost codes for.
- Go to the Data Security tab.
- From here, you can enable Create, Read, Delete, and Update permissions for cost codes.
Cost codes, if enabled, are available in Roamer, Flex, and OneLens.
Users
Controlled by AAD that they are linked to, but you can create native users.