Elevated Privileges
Some users require additional permissions to manage rooms and assets, such as concierge users.
These are the resources that users can access as privileges are raised
Assets
View
Create, Update, Delete
Create, Update, Delete
Metadata
View
Create, Update
Create, Update, Delete
Zones
View
Create, Update
Create, Update, Delete
Systems
View
Create, Update
Create, Update, Delete, Add / Remove Module
Modules
None
None
Create, Update, Delete, Start, Stop (logic only) and View all types
Settings
None
View
Create, Update
This allows a sufficiently privileged individual to perform tasks such as:
Creating new systems
Add existing Calendar and Staff API modules
Create a new Booking, Auto Check-in drivers and start them
Configure any custom settings (such as sensor id for the room)
Modify metadata in zones
Adding or removing bookable desks
Changing owner of parking spaces
etc
Configuring Permissions
Typically this would be managed via the concierge application. This is a description of the JSON that application generates.
User groups are used to apply permissions
User groups can be applied at logon via SSO
Enabling Permission Elevation
This must be done on a per-domain basis. Specify a root zone for the domain, permissions will only apply to Systems and Zones that are associated with this zone.
Defining permissions
In the org
zone defined in the domain config, create a metadata entry called permissions
You only need to define the keys that you're using.
Permissions can be defined at multiple levels in the zone hierarchy
i.e. you can provide global permissions to a group then deny that group from modifying certain zones.
Or provide allow manage permissions globally and admin in certain zones
Last updated