US English (US)
GB English (UK)
Contact us
English (UK)

Roles & Data Security in Admin Portal

Administrator

Written By Natalia Povrozniak (Administrator)

Updated at April 12th, 2024

Table of Contents

Editing a role Role Details App Settings Adding the +ADD button for Visitors in Flex Removing the Export button for Booking List, Visitor List, Tasks, and Spaces in OneLens Data Security Data Model Security Permissions required for Cost Codes Users

Define or modify permissions and data security options for the roles within your organisation in Admin Portal > Setup > Roles & Data Security page.

Editing a role

Note: To request the editing roles for your organisation, please contact IBSS support.

To make any changes to the permissions, select a role for which you want to modify permissions. The four tabs with role permissions open:

  • Role Details
  • App Settings
  • Data Security
  • Users

Role Details

Roles are created according to AAD roles of the organisation. Also we can create native roles for various needs.

In the Role Details tab, you can:

  • Change the role name
  • (not editable) Identity Provider Type
  • Enable or disable the ownership granted for this role

App Settings

App Settings determine security rights for what a user is allowed to do on the IBSS platform.

There are the following sections with the corresponding settings:

Adding the +ADD button for Visitors in Flex

To allow user within the given role to be able to add new visitors, do the following:

  1. In Admin Portal > Setup > Roles & Data Security > App Settings, expand the API > Visits settings.
  2. Select the checkbox V2 under API > Visits.
  3. Click View JSON Script link at the left bottom of the role settings.
  4. Add the “Create” line under API > Visits within the JSON script.
  5. Click Ok to confirm changes to the role permissions.

Now, all users who belong to this role that you edited will have the +ADD button on the Visitors page in Flex.

Note: To request adding the +ADD button to be disabled, please contact IBSS support.

Removing the Export button for Booking List, Visitor List, Tasks, and Spaces in OneLens

Removing the Export button for a user role

The Export button is enabled for all user roles in OneLens on the following pages:

  • Booking List
  • Visitor List
  • Tasks
  • Spaces

Note: To request the Export button to be disabled, please contact IBSS support.

To disable the Export button for a certain role, do the following:

  1. In Admin Portal, go to Setup > Roles & Data Security.
  2. Select a role that you want to disable the Export button for.
  3. Open the App Settings tab.
  4. Click View JSON Script at the bottom left.
  5. In the popup, under ONELENS360 section, remove “Export”.
  1. Click Ok.
  2. Click Save to confirm your changes.

Now, users with this role assigned will not have the Export button on the mentioned pages.

Data Security

Data model security rights determines what data the user can create, read, update and delete in the IBSS platform.

Data Model Security

The security model in the IBSS platform has been enhanced to include app security rights as well as data model security rights. 

App Security vs Data Model Security

App security rights determine what a user is allowed to do on the IBSS platform whilst data model security rights determines what data the user can create, read, update and delete in the IBSS platform.

Data Model Rights

The IBSS Platform provides Data Model rights on the following functions in a record:

  • Create - the ability to create a new record of that type.
  • Read - the ability to read a record.
  • Update - the ability to modify a record.
  • Delete - the ability to remove a record.
  • Lock - the ability to lock a record (not used).
  • Unlock - the ability to unlock a record (not used).
  • Share - the ability to share rights to the record with another entity.

For each of these rights, the following levels can be applied:

  • None - no rights.
  • Basic - rights apply only to records owned by me. 
  • Local - rights apply to records which are owned by any role that I belong to. 
  • Deep - rights apply to records which are owned by any role (or parent role) that I belong to.
  • Global rights apply to all records of that type.

Note: To amend Data Model rights, please contact IBSS support.

The following lists the record types to which Data Model security can be applied:

Event Type
Description [Type]
BookingParties
Stores data about parties of a booking. [Data]
BookingPolicies Stores data about booking policies. [Data]
BookingSpaces
Stores information used for Linked Spaces. [Data]
Bookings
Stores booking information. [Data]
BookingsDailySummary
Stores daily summary of bookings. [Data]
BuildingKPIs
Stores BuildingKPI configuration. [Config]
CateringMenuItems Stores all orderable catering items per building. [Data]
CateringMenus Stores a collection of Catering items per building defined by a from and to date. [Data]
CateringOrderPolicies Stores the pantry/kitchen operating hours and preparation times for catering items per building. [Config]
CateringOrders Stores orders associated to bookings. [Data]
CateringRestrictions Stores common restrictions (dietary and allergen) across an organisation that can be associated with catering items. [Data]
CateringSuppliers Stores a list of suppliers per organisation that may supply catering items. [Data]
ConnectorsConfiguration

✅ new

Stores permissions required for connectors that are deployed as part of the platform. Permissions depend on the type of the connector.
CostCodes
Stores Cost Codes information. [Data] 
Provides the CRUD rules to the cost codes for CREATE/READ/UPDATE/DELETE.
Delegates

✅ new

Stores permissions for delegates.
Devices
Stores Device configuration. [Config]
DevicesStatus
Stores feedback from deployed devices. [Data]
EnvironmentalFloorData
Stores summarised environmental data per floor. [Data]
EnvironmentalSensors
Stores information about environmental sensors. [Config + Data]
EnvironmentalZoneDailySummary
Stores daily summary environmental information. [Data]
EnvironmentalZoneData
Stores real-time environmental information. [Data]
EnvironmentalZoneSummary
Stores 30 minute summary environmental information. [Data]
EnvironmentalZones
Stores environmental zone configuration. [Config]
Equipment
Stores equipment information. [Config + Data]
Filters

✅ new 

Stores filters information.
IdentityProviders Stores identity provider details of the organisation. [Config]
Nodes
Stores node hierarchy (Organisation > Floor level). [Config]
Notes

✅ new 

Stores rules for visitor notes.
NotificationRules
Stores notification rules information. [Data]
Notifications
Stores generated notifications. [Data]
Parameters
Stores parameter information. [Config + Data]
ResolversCategories
Stores link information between resolvers and task categories. [Data]
ResolversDailySummary
Stores daily summary by resolver. [Data]
RoleDataSecurity
Stores information about what rights each role has. [Data]
Roles
Stores role information. [Data]
Signage Stores signage information (Deprecated)
SpaceCateringMenu
Stores catering information. [Config + Data]
SpaceInformation
Stores Space Information. [Data]
SpaceStates
Stores state information for each Space State. [Config]
SpaceUtilisationSummary
Stores live summary data for spaces. [Data]
SpaceZones
Stores zone to space associations. [Data]
Spaces
Stores spaces information. [Config + Data]
SpacesDailySummary
Stores daily summary of space usage. [Data]
SpacesMonthlySummary Stores monthly summary of space usage (Deprecated)
SpacesSpaceInformation
Stores link between spaces and space information. [Config]
SpacesSummary
Stores 15 minute summary data of spaces. [Data]
SpacesWeeklySummary

(future option)

Stores weekly summary of space usage. [Data]
SupportedVersions
Stores supported versions of client apps. [Data]
Tag2EventType

✅ new

Stores permissions to use tags.
TagDefinitions

✅ new

Prerequisite for Tag2EventType. Stores permissions to create tags. Users must have Create, Update, and Delete permissions to be able to work with tags.
TaskCategories
Stores Task categories information. [Data]
TaskStates
Stores state information for each Task State. [Data]
TaskTypes
Stores config information about a task. [Config]
Tasks
Stores generated task information. [Data]
TasksDailySummary
Stores daily summary of tasks. [Data]
UserNotifications
Stores users to notifications information. [Data]
UserRoles
Stores the role association of a user. [Data]
Users
Stores user information. [Data]
Visitors
Stores visitor information. [Data]
Visits
Stores visit information. [Data]
VisitsDailySummary
Stores daily summary of visits. [Data]

Permissions required for Cost Codes

Permissions required for Cost Codes

Depending on the configuration of your IBSS Platform deployment, cost codes may be available to you to use when booking certain types of spaces.

Cost codes are enabled in Admin Portal. 

Note: To enable cost codes for your organisation, please contact IBSS support.

To enable cost codes:

  1. Go to Security > Roles, and then select the role you wish to enable cost codes for.
  2. Go to the Data Security tab. 
  3. From here, you can enable Create, Read, Delete, and Update permissions for cost codes.

Cost codes, if enabled, are available in Roamer, Flex, and OneLens.

Users

Controlled by AAD that they are linked to, but you can create native users.

 

Related Articles

Sign in to IBSS Hub

📌 Applies to app version 2023.02 and later IBSS Hub is the desktop interface for ...

File Management

Applies to app version 2024.02 onwards.   The File Management page in Admin Porta...

OneLens360 Security Rights

Applies to app version 2024.02 or higher The security model in the IBSS platform ...

Roamer Security Rights

Applies to Version 1.11 or higher The security model in the IBSS platform has bee...