Profiles

The system provides user groups with varying access levels for resource management and security, allowing permissions to be tailored to tasks—from administration to resident interactions. Not every user requires full access to all menus and settings of the Link server. In this section, you can create profiles (roles) with specific permissions, which will apply to all users within that role.

1 Permissions Table for Each Role
2 How to obtain each role
3 How to create a role
4 Assigning Roles to Users

Below is a description of the available roles and their functions.

Server administrator: Full access to manage all aspects of the server. This role is held by the distributor and includes creating and editing user groups and roles, managing all objects, including rooms, virtual numbers, and devices. The Server Administrator has access to all server data, including logs and archives, and is responsible for backups, data recovery, security settings, and system audits.
Group administrator: Limited management rights within the company's resources. This role is performed by the dealer designated by the distributor. The Group Administrator can manage assigned resources, such as rooms and devices, view and edit data within their group and subordinate groups, and control room bookings and access to facilities. Group Administrator permissions are determined by Server Administrator and are restricted by hierarchy.
User: Standard user access to a personal account. The User can configure their profile, view their devices and bookings, create guest passes, and receive messages. Access is limited to personal settings and interaction with shared functions without control over system parameters.
Concierge: A role for interacting with residents and guests. The Concierge manages resident groups, sends announcements and messages, controls room bookings and access to facilities, and has access to group information and devices to ensure security and communication.

Permissions Table for Each Role

The table provides a detailed overview of the access permissions and capabilities assigned to each role within the system. It helps administrators understand the specific permissions granted to roles such as Server Administrator, Group Administrator, User, and Concierge, ensuring clear visibility into each role's capabilities and limitations. Use this table as a reference to configure and manage roles according to project requirements.

In the table below, important role permissions are specified. Click to view.

Permissions	Server administrator	Group administrator	Concierge	User

Permissions	Server administrator	Group administrator	Concierge	User
UKEY2
Can view UKEY2	+	—	—	—
Amenities reservation
Can create amenities	+	+	—	—
Can view all amenities	+	—	—	—
Can view amenities from their group	+	+	+	—
Can view amenities from descendant groups	+	+	+	—
Can view their own amenities	+	+	+	—
Can edit all amenities	+	—	—	—
Can edit amenities from their group	+	+	+	—
Can edit amenities from descendant groups	+	+	+	—
Can edit their own amenities	+	+	+	—
Can delete all amenities	+	—	—	—
Can delete amenities from their group	+	+	+	—
Can delete amenities from descendant groups	+	+	+	—
Can delete their own amenities	+	+	+	—
Can view all amenity reservations	+	—	—	—
Can view amenity reservations from their group	+	+	+	—
Can view amenity reservations from descendant groups	+	+	+	—
Can view their own amenity reservations	+	+	+	—
Can create amenity reservations	+	+	+	—
Can edit all amenity reservations	+	—	—	—
Can edit amenity reservations from their group	+	+	+	—
Can edit amenity reservations from descendant groups	+	+	+	—
Can edit their own amenity reservations	+	+	+	—
Can view logs of all amenity reservations	+	—	—	—
Can view amenity reservation logs from their group	+	+	+	—
Can view amenity reservation logs from descendant groups	+	+	+	—
Can view logs of their own amenity reservations	+	+	+	—
Virtual numbers
Can edit available virtual numbers	+	+	—	—
Can delete available virtual numbers	+	+	—	—
Can activate available virtual numbers	+	+	—	—-
Can create virtual numbers	+	+	—	—
Can view virtual numbers of their group	+	+	+	+
Can view virtual numbers of descendant groups	+	+	+	—
Can view all virtual numbers on the server	+	—	--	—
Groups
Can create root groups	+	—	—	—
Can create descendant groups	+	+	—	—
Can view all groups on the server	+	—	—	—
Can view residential complex/maintenance organization information settings of available groups	+	+	—	—
Can view residential complex/maintenance organization information in the mobile app	+	+	+	+
Can edit residential complex/maintenance organization information settings of available groups	+	+	—	—
Can view email templates of available groups	+	+	—	—
Can edit email templates of available groups	+	+	—	—
Can edit all groups on the server	+	—	—	—
Can edit descendant groups	+	+	—	—
Can edit basic parameters of their own group	+	--	—	—
Can manage users of their own group	+	+	—	—
Can manage access rules of their own group	+	+	—	—
Can manage devices of their own group	+	+	—	—
Can manage guest access of their own group	+	+	—	—
Can manage SIP trunks of their own group	+	+	—	—
Can manage forwarding settings of their own group	+	+	—	—
Can delete all groups on the server	+	—	—	—
Can delete their own groups	+	+	—	—
Calls
Can call numbers in their group	+	+	+	+
Can call numbers of descendant groups	+	+	+	—
Can call all numbers on the server	+	—	—	—
Can intercept calls like a concierge	+	+	+	—
Can receive calls from users of descendant groups	+	+	+	—
Can call to intercom	+	+	+	+
Identifiers
Can view identifiers of their group	+	+	—	+
Can view identifiers of descendant groups	+	+	—	—
Can view all identifiers on the server	+	—	—	—
Can create identifiers	+	+	—	—
Can delete available identifiers	+	+	—	—
Can edit available identifiers	+	+	—	—
Can view ACS logs by identifiers of available devices	+	+	—	—
Can create guest identifiers	+	+	—	+
Can import identifiers	+	+	—	—
Can export identifiers	+	+	—	—
Call History
Can view call history of their group numbers	+	+	+	+
Can view call history of descendant group numbers	+	+	—	—
Can view call history of all numbers on the server	+	—	—	—
Elevators
Can create elevators	+	+	—	—
Can edit available elevators	+	+	—	—
Can remove available elevators	+	+	—	—
Can view available elevators and access rules	+	+	—	+
Can view all elevators on the server	+	—	—	—
Can view all access rules for elevators	+	—	—	—
Licenses
Can view the license settings of their group	+	+	—	—
Can view the license settings of descendant groups	+	+	—	—
Can view the license settings of all groups on the server	+	—	—	—
Can edit the license settings of their group	+	—	—	—
Can edit the license settings of descendant groups	+	+	—	—
Can edit the license settings of all groups on the server	+	—	—	—
Can view the license settings of available users	+	+	—	--
Can edit the license settings of available users	+	+	—	--
Can view server licenses	+	—	—	—
Can edit server licenses	+	—	—	—
Markers
Can view available markers	+	+	+	—
Can create markers	+	+	—	—
Can edit available markers	+	+	—	—
Can delete available markers	+	+	—	—
Can apply available markers	+	+	—	—
Can view all markers on the server	+	—	—	—
Reports
Can view license usage statistics	+	+	—	—
Project Settings
Can edit server settings	+	—	—	—
Can view server settings	+	—	—	—
Can import device backup data	+	+	—	—
Can view management company/residential complex information	+	+	+	+
SIP Trunks
Can create SIP trunks	+	+	—	—
Can view their own SIP trunks	+	+	—	—
Can view SIP trunks from their group	+	+	—	—
Can view all SIP trunks on the server	+	—	—	—
Can edit their own SIP trunks	+	+	—	—
Can edit SIP trunks from their group	+	+	—	—
Can view SIP trunks from descendant groups	+	+	—	—
Can edit SIP trunks from descendant groups	+	+	—	—
Can edit all SIP trunks on the server	+	—	—	—
Can delete their own SIP trunks	+	+	—	—
Can delete SIP trunks from their group	+	+	—	—
Can delete SIP trunks from descendant groups	+	+	—	—
Can delete all SIP trunks on the server	+	—	—	—
Users
Can create users	+	+	—	—
Can view available users	+	+	+	—
Can view all users on the server	+	—	—	—
Can edit available users	+	+	—	—
Can edit their own profile	+	+	—	—
Can delete available users	+	+	—	—
Access Restrictions
Can view available access rules	+	+	—	—
Can create access rules	+	+	—	—
Can edit available access rules	+	+	—	—
Can delete available access rules	+	+	—	—
Can view all access rules on the server	+	—	—	—
Forward Rules
Can view available forwarding rules	+	+	—	—
Can create forwarding rules	+	+	—	—
Can edit available forwarding rules	+	+	—	—
Can delete available forwarding rules	+	+	—	—
Can view all forwarding rules on the server	+	—	—	—
Schedules
Can view available schedules	+	+	—	—
Can create schedules	+	+	—	—
Can edit available schedules	+	+	—	—
Can delete available schedules	+	+	—	—
Can view all schedules on the server	+	—	—	—
Annonces
Can view available announcements	+	+	+	—
Can create announcements	+	+	+	—
Can edit available announcements	+	+	+	—
Can delete available announcements	+	+	+	—
Can send available announcements	+	+	+	+
Can view all announcements on the server	+	—	—	—
Backup
Can create server backups	+	—	—	—
Can delete server backups	+	—	—	—
Can view server backups	+	—	—	—
Can restore backups from the server	+	—	—	—
Can restore backups from files	+	—	—	—
Can download backups from the server	+	—	—	—
Profiles
Can create roles	+	+	—	—
Can view roles from the "Available Profiles" list	+	+	—	—
Can view roles of available users	+	+	—	—
Can edit all roles on the server	+	—	—	—
Can edit roles created by them	+	+	—	—
Can edit roles of available users	+	+	—	—
Can edit roles from the "Available Profiles" list	+	—	—	—
Can delete roles created by them	+	+	—	—
Can delete available roles	+	+	—	—
Can delete all roles on the server	+	—	—	—
Can grant permissions beyond their own	+	—	—	—
Can view all roles, not just available ones	+	—	—	—
System
Can view system audit for available objects	+	+	—	—
Can view system audit for all objects on the server	+	+	—	—
Alarm Events
Can process available alarm events	+	+	+	—
Can view available alarm events	+	+	+	—
Can delete available alarm events	+	+	+	—
Conversations
Can view conversations of users in their group	+	+	+	+
Can view conversations of users in descendant groups	+	+	—	—
Can view all conversations on the server	+	—	—	—
Can send messages to available users	+	+	+	+
Can create conversations	+	+	+	+
Can send conversation messages	+	+	+	+
Can delete available conversations	+	+	—	—
Can receive messages from users in descendant groups	+	+	+	—
Invitation Links
Can create invitation links	+	+	—	—
Can view their own invitation links	+	+	—	—
Can view invitation links of users in their group	+	+	—	—
Can view invitation links of users in descendant groups	+	+	—	—
Can view all invitation links on the server	+	—	—	—
Can edit their own invitation links	+	+	—	—
Can edit invitation links of users in their group	+	+	—	—
Can edit perpetual invitation links of users in descendant groups	+	+	—	—
Can edit all invitation links on the server	+	—	—	—
Can delete their own invitation links	+	+	—	—
Can delete invitation links of users in their group	+	+	—	—
Can delete invitation links of users in descendant groups	+	+	—	—
Can delete all invitation links on the server	+	—	—	—
Devices
Can create devices	+	+	—	—
Can view devices in their group	+	+	+	+
Can view devices of descendant groups	+	+	+	—
Can view all devices on the server	+	—	—	—
Can view the status of available devices	+	+	—	—
Can view the task queue of available devices	+	+	—	—
Can view firmware status information of available devices	+	+	—	—
Can view logs of available devices	+	+	—	—
Can edit available devices	+	+	—	—
Can delete available devices	+	+	—	—
Emergency Alerts
Can view emergency alerts of their group	+	+	+	—
Can view emergency alerts of descendant groups	+	+	+	—
Can view all emergency alerts on the server	+	—	—	—
Can create emergency alerts	+	+	—	—
Can playback available emergency alerts	+	+	+	—
Can edit available emergency alerts	+	+	—	—
Can delete available emergency alerts	+	+	—	—

How to obtain each role

In the self-host version of the system, roles can only be assigned by the Server Administrator (distributor) or the Group Administrator (dealer). Users cannot register independently or select their own roles; all roles are assigned according to permissions set by the administrator.

Server Administrator: Assigned by and exclusive to the distributor. This role has the highest level of control, including managing permissions for all other roles.
Group Administrator: Assigned by the distributor to the dealer. Responsible for managing resources and users within their assigned area.
User: Assigned by either the Server Administrator or Group Administrator. This role grants standard access to a personal account with limited control over system functions.
Concierge: Assigned by either the Server Administrator or Site Administrator. This role is tailored for assisting guests or managing front-desk operations, with permissions defined by the organization.

If a user needs a role change or permission update, they should contact their administrator directly.

Be aware that when a Server Administrator modifies role permissions, these changes apply to all users assigned to that role.

To avoid affecting existing users, consider creating a custom role with specific permissions to meet organizational needs.

How to create a role

In addition to the standard roles available on the server, there may be situations where a customized set of permissions is needed. Creating a new role manually allows administrators to tailor permissions to specific needs, providing greater flexibility in managing access and responsibilities.

For example, if a role similar to the Group Administrator is required but with more restricted access, such as limiting the ability to edit user accounts, a custom role can be created to meet these exact requirements.

By creating unique roles, administrators can ensure that access is aligned precisely with organizational needs, while maintaining control over each user's permissions.

To create a new role, follow these steps:

Open the Profiles tab in the User Management section.
Click the ➕ icon in the lower-right corner to start creating a role.

In the window that opens, enter the Name of the role, and add a Description if necessary.
In the Available Profiles section, select the profiles that users with this role will be able to edit.
In the Permissions section, check all necessary permissions that will be available for this role.

If you are unsure which permissions to assign, open any built-in role in the Profiles tab to explore its configuration. You can use it as a reference and manually replicate the relevant permissions in your custom role.

Once all required permissions are selected, click the Save icon in the lower-right corner of the screen.

After saving, you will be returned to the main screen of the Profiles section, where all roles, including the newly created one, will be displayed. On this screen, you can edit, delete, and filter roles by name.

Assigning Roles to Users

To assign a specific role to a user, follow these steps:

Go to the Users section.
Click the ➕ icon in the lower-right corner to create a new user profile, or open an existing user profile via the 🖍 icon to update their role.

In the Profiles dropdown menu, select the appropriate system or custom role for the user.

Once all necessary settings are configured and the role is assigned, click the Save icon in the lower-right corner to complete the setup.

After creating and configuring the profile, you will be redirected to the User Management section. Here, the administrator will see a list of users they have permission to manage, along with their assigned roles — no need to open each profile.

User management _ BAS-IP Link - Google Chrome 2024.png

Learn more:

How to configure access rights for separate projects

Profiles

Permissions Table for Each Role

How to obtain each role

How to create a role

Assigning Roles to Users

Related content