Applies to version 2023.02 or higher
The security model in the IBSS platform has been enhanced to include app security rights as well as data model security rights. Roles are set up in Admin Portal > Setup > Roles & Data Security > the App Settings tab.
Note: To set up roles for your organisation or edit permissions, please contact IBSS support.
App Security vs Data Model Security
App security rights determine what a user with this role is allowed to do on the IBSS platform, whilst data model security rights determine what data the user can create, read, update, and delete in the IBSS platform.
Granting an app security right requires applying it to a building that is listed in the panel under Building permissions on the right.
Note: Admin Portal has this look starting with version 2023.01.
API Security Rights
Right |
APPLIESTO | Description |
|---|---|---|
API.Visits.Approve |
yes | Can approve visits |
API.Visits.Deny |
yes | Can deny visits |
API.Visits.Cancel |
yes | Can cancel visits |
API.Visits.CheckIn |
yes | Can check in a visit |
API.Visits.CheckOut |
yes | Can check out of a visit |
| API.Visits.V2 | Enables access to V2 visitor functionality | |
| API.Visits.Export | Can export visitors list | |
| API.Visits.Import | Can import visitors list | |
| API.Visits.Create | Can create visitors | |
API.Spaces.CheckIn |
Can check into a space |
|
API.Spaces.CheckInOnBehalfOf |
Can check in on behalf of someone else |
|
API.Spaces.CheckOut |
Can check out of a space |
|
API.Spaces.Reserve |
Can reserve a space |
|
API.Spaces.Disable |
Can disable a space |
|
API.Spaces.Enable |
Can enable a space |
|
API.Spaces.ChangeTemperature |
Can control the temperature of a space |
|
API.Spaces.ChangeLighting |
Can control the lighting level of a space |
|
API.Spaces.ChangeAv |
Can control the AV of a space |
|
API.Spaces.ChangeBlinds |
Can control the blinds of a space |
|
API.Spaces.AdminBookableOnly |
Can book a space marked as AdminBookableOnly |
|
| API.Spaces.V2 | Enables access to V2 API | |
API.Tasks.Assign |
Can assign a task to a resolver |
|
API.Tasks.Reallocate |
Can re-allocate a task to another resolver |
|
API.Tasks.Cancel |
Can cancel a task |
|
API.Tasks.SetInProgress |
Can start a task |
|
API.Tasks.Unassign |
Can un-assign a task from a resolver |
|
API.Tasks.Resolve |
Can mark the task as resolved |
|
API.Tasks.ChangePriority |
Can change the priority of a task |
|
| API.Tasks.Notify | Can send out task notifications | |
| API.Tasks.Export | Can export tasks | |
| API.Tasks.Import | Can import tasks | |
API.Equipment.Disable |
Can enable equipment |
|
API.Equipment.Enable |
Can disable equipment |
|
API.Bookings.BookOnBehalfOf |
no | Can book on behalf of someone else |
API.Bookings.BookLinkedSpaceWork |
Can book a linked space of class Work |
|
API.Bookings.BookLinkedSpaceSupport |
Can book a linked space of class Support |
|
API.Bookings.BookLinkedSpaceAmenity |
Can book a linked space of class Amenity |
|
API.Bookings.IgnoreTimeHorizon |
yes | Can ignore limitations of booking time horizon |
| API.Bookings.BookOutsideWorkingHours | yes | Can book outside of working hours |
| API.Bookings.BookOutsideOfficeHours | yes | Can book outside of office hours |
| API.Bookings.BookUnlimitedSpaces | yes |
Can book unlimited spaces
If this permission is not granted, the role will be limited to book one space type for a certain period of time. For example:
|
| API.Bookings.IgnoreAllPolicyRestrictions | yes | Can ignore limitations of booking policy |
| API.Bookings.AssignCostCode | Can assign cost codes to bookings, this right shows the panel on the create/edit bookings page | |
| API.Bookings.AddOnlineMeetingLink | Can add online meeting link | |
| API.Bookings.V2 | Enables access to V2 API | |
| API.Bookings.Approve | Can Approve a Booking that requires approval | |
| API.Bookings.Deny | Can Reject a Booking that requires approval | |
| API.Bookings.BookRecurring | Can create recurring bookings | |
| API.Bookings.Export | Can export bookings | |
API.IdentityProvider.SyncNow |
Can trigger an AAD sync |
|
API.Users.ResetPassword |
Can reset a user password |
|
API.Users.Search |
Can search for a user |
|
API.Files.Read |
Can read server-side files |
|
API.Files.Create |
Can create server-side files |
|
API.Files.Update |
Can update server-side files |
|
API.Files.Delete |
Can delete server-side files |
|
API.Files.DeletePath |
Can delete a server-side file path |
|
API.Files.Download |
Can download files |
|
| API.Catering.AssignCostCode | Can assign cost code for catering | |
| API.Catering.Notify | no | Can send out catering notifications |
| API.Catering.Approve | no | Can approve catering requests |
| API.Catering.V2 | Enables access to Catering. Must be enabled for any of the Catering permissions to work. | |
| API.Devices.RestartDevice | Can restart device | |
| API.Devices.TerminateApp | Can terminate app | |
| API.Devices.RestartApp | Can restart app | |
| API.Devices.ClearCache | Can clear device cache | |
| API.Devices.Navigate | Can force the app to go to a particular page | |
| API.CostCodes.V2 | Enables access to Cost Codes V2 API |