Roles

In the BAS-IP Link system, roles define a set of permissions and rules for different user categories. The system includes four primary roles: Company Administrator, Site Administrator, Concierge, and User, each with unique settings for server interaction — from managing groups and licenses to personal housing. Additionally, you can create custom roles to tailor permissions to your project’s needs.

1 Standard Roles on the Server
- 1.1 Permissions Table for Each Role
2 Creating a Custom Role
- 2.1 Creating a Role by Copying
- 2.2 Assigning a Role to a User

Standard Roles on the Server

The server provides predefined roles with specific functions designed for various system usage scenarios. In this section, we will explain the purpose of each role, their key capabilities, and the conditions for obtaining them.

Company Administrator: Manages company resources, creates subgroups, assigns administrators, and distributes licenses. This role configures resources and defines access for subordinate roles like the Site Administrator. To obtain this role, users must first select "Dealer" or "Installer" during registration and then contact our sales department, where the role will be assigned manually.
Site Administrator: Manages assigned resources such as rooms, devices, and groups. Can view, edit data, and control bookings and access. Assigned manually by the Company Administrator or automatically during registration by a dealer or installer.
User: Has basic access to a personal account. Can configure their profile, view devices and bookings, create guest passes, and receive messages. Permissions are limited to personal settings without system management. Assigned manually by the Company Administrator or Site Administrator.
Concierge: Manages resident interactions, including sending messages, making and receiving calls, and controlling bookings and access. Has access to group information and devices to ensure communication and security. Assigned manually by the Company Administrator or Site Administrator.

Roles allow for convenient distribution of permissions and areas of responsibility when using the server. This can be compared to positions in a hierarchical system: administrators oversee operations at the server level, while users manage their personal resources and tasks.

Permissions Table for Each Role

This section provides a detailed overview of the permissions assigned to each role in the system. The table below lists all roles with their respective capabilities, marked with a plus (+) for available permissions and a minus (–) for restricted ones.

Permissions	Server administrator	Company administrator	Site administrator	Concierge	User

Permissions	Server administrator	Company administrator	Site administrator	Concierge	User
UKEY2
Can view UKEY2	+	—	—	—	—
Amenities reservation
Can create amenities	+	+	+	+ —	—
Can view all amenities	+	—	—	—	—
Can view amenities from their group	+	+	+	+	—
Can view amenities from descendant groups	+	+	+	+	—
Can view their own amenities	+	+	+	+	—
Can edit all amenities	+	—	—	—	—
Can edit amenities from their group	+	+	+	+	—
Can edit amenities from descendant groups	+	+	+	+	—
Can edit their own amenities	+	+	+	+	—
Can delete all amenities	+	—	—	—	—
Can delete amenities from their group	+	+	+	+	—
Can delete amenities from descendant groups	+	+	+	+	—
Can delete their own amenities	+	+	+	+	—
Can view all amenity reservations	+	—	—	—	—
Can view amenity reservations from their group	+	+	+	+	—
Can view amenity reservations from descendant groups	+	+	+	+	—
Can view their own amenity reservations	+	+	+	+	—
Can create amenity reservations	+	+	+	+	—
Can edit all amenity reservations	+	—	—	—	—
Can edit amenity reservations from their group	+	+	+	+	—
Can edit amenity reservations from descendant groups	+	+	+	+	—
Can edit their own amenity reservations	+	+	+	+	—
Can view logs of all amenity reservations	+	—	—	—	—
Can view amenity reservation logs from their group	+	+	+	+	—
Can view amenity reservation logs from descendant groups	+	+	+	+	—
Can view logs of their own amenity reservations	+	+	+	+	—
Virtual numbers
Can edit available virtual numbers	+	+	+	—	—
Can delete available virtual numbers	+	+	+	—	—
Can activate available virtual numbers	+	+	+	—	—-
Can create virtual numbers	+	+	+	—	—
Can view virtual numbers of their group	+	+	+	+	+
Can view virtual numbers of descendant groups	+	+	+	+	—
Can view all virtual numbers on the server	+	—	—	—	—
Groups
Can create root groups	+	—	—	—	—
Can create descendant groups	+	+	+	—	—
Can view all groups on the server	+	—	—	—	—
Can view residential complex/maintenance organization information settings of available groups	+	+	+	—	—
Can view residential complex/maintenance organization information in the mobile app	+	+	+	+	+
Can edit residential complex/maintenance organization information settings of available groups	+	+	+	—	—
Can view email templates of available groups	+	+	+	—	—
Can edit email templates of available groups	+	+	+	—	—
Can edit all groups on the server	+	—	—	—	—
Can edit descendant groups	+	+	+	—	—
Can edit basic parameters of their own group	+	+	--	—	—
Can manage users of their own group	+	+	+	—	—
Can manage access rules of their own group	+	+	+	—	—
Can manage devices of their own group	+	+	+	—	—
Can manage guest access of their own group	+	+	+	—	—
Can manage SIP trunks of their own group	+	+	+	—	—
Can manage forwarding settings of their own group	+	+	+	—	—
Can delete all groups on the server	+	—	—	—	—
Can delete their own groups	+	+	+	—	—
Calls
Can call numbers in their group	+	+	+	+	+
Can call numbers of descendant groups	+	+	+	+	—
Can call all numbers on the server	+	—	—	—	—
Can intercept calls like a concierge	+	+	+	+	—
Can receive calls from users of descendant groups	+	+	+	+	—
Can call to intercom	+	+	+	+	+
Identifiers
Can view identifiers of their group	+	+	+	—	+
Can view identifiers of descendant groups	+	+	+	—	—
Can view all identifiers on the server	+	—	—	—	—
Can create identifiers	+	+	+	—	—
Can delete available identifiers	+	+	+	—	—
Can edit available identifiers	+	+	+	—	—
Can view ACS logs by identifiers of available devices	+	+	+	—	—
Can create guest identifiers	+	+	+	—	+
Can import identifiers	+	+	+	—	—
Can export identifiers	+	+	+	—	—
Call History
Can view call history of their group numbers	+	+	+	+	+
Can view call history of descendant group numbers	+	+	+	—	—
Can view call history of all numbers on the server	+	—	—	—	—
Elevators
Can create elevators	+	+	+	—	—
Can edit available elevators	+	+	+	—	—
Can remove available elevators	+	+	+	—	—
Can view available elevators and access rules	+	+	+	—	+
Can view all elevators on the server	+	—	—	—	—
Can view all access rules for elevators	+	—	—	—	—
Licenses
Can view the license settings of their group	+	+	+	—	—
Can view the license settings of descendant groups	+	+	+	—	—
Can view the license settings of all groups on the server	+	—	—	—	—
Can edit the license settings of their group	+	—	—	—	—
Can edit the license settings of descendant groups	+	+	+	—	—
Can edit the license settings of all groups on the server	+	—	—	—	—
Can view the license settings of available users	+	+	+	—	--
Can edit the license settings of available users	+	+	+	—	--
Can view server licenses	+	—	—	—	—
Can edit server licenses	+	—	—	—	—
Markers
Can view available markers	+	+	+	+	—
Can create markers	+	+	+	—	—
Can edit available markers	+	+	+	—	—
Can delete available markers	+	+	+	—	—
Can apply available markers	+	+	+	—	—
Can view all markers on the server	+	—	—	—	—
Reports
Can view license usage statistics	+	+	+	—	—
Project Settings
Can edit server settings	+	—	—	—	—
Can view server settings	+	—	—	—	—
Can import device backup data	+	+	+	—	—
Can view management company/residential complex information	+	+	+	+	+
SIP Trunks
Can create SIP trunks	+	+	+	—	—
Can view their own SIP trunks	+	+	+	—	—
Can view SIP trunks from their group	+	+	+	—	—
Can view all SIP trunks on the server	+	—	—	—	—
Can edit their own SIP trunks	+	+	+	—	—
Can edit SIP trunks from their group	+	+	+	—	—
Can view SIP trunks from descendant groups	+	+	+	—	—
Can edit SIP trunks from descendant groups	+	+	+	—	—
Can edit all SIP trunks on the server	+	—	—	—	—
Can delete their own SIP trunks	+	+	+	—	—
Can delete SIP trunks from their group	+	+	+	—	—
Can delete SIP trunks from descendant groups	+	+	+	—	—
Can delete all SIP trunks on the server	+	—	—	—	—
Users
Can create users	+	+	+	—	—
Can view available users	+	+	+	+	—
Can view all users on the server	+	—	—	—	—
Can edit available users	+	+	+	—	—
Can edit their own profile	+	+	+	—	—
Can delete available users	+	+	+	—	—
Access Restrictions
Can view available access rules	+	+	+	—	—
Can create access rules	+	+	+	—	—
Can edit available access rules	+	+	+	—	—
Can delete available access rules	+	+	+	—	—
Can view all access rules on the server	+	—	—	—	—
Forward Rules
Can view available forwarding rules	+	+	+	—	—
Can create forwarding rules	+	+	+	—	—
Can edit available forwarding rules	+	+	+	—	—
Can delete available forwarding rules	+	+	+	—	—
Can view all forwarding rules on the server	+	—	—	—	—
Schedules
Can view available schedules	+	+	+	—	—
Can create schedules	+	+	+	—	—
Can edit available schedules	+	+	+	—	—
Can delete available schedules	+	+	+	—	—
Can view all schedules on the server	+	—	—	—	—
Annonces
Can view available announcements	+	+	+	+	—
Can create announcements	+	+	+	+	—
Can edit available announcements	+	+	+	+	—
Can delete available announcements	+	+	+	+	—
Can send available announcements	+	+	+	+	+
Can view all announcements on the server	+	—	—	—	—
Backup
Can create server backups	+	—	—	—	—
Can delete server backups	+	—	—	—	—
Can view server backups	+	—	—	—	—
Can restore backups from the server	+	—	—	—	—
Can restore backups from files	+	—	—	—	—
Can download backups from the server	+	—	—	—	—
Profiles
Can create roles	+	+	+	—	—
Can view roles from the "Available Profiles" list	+	+	+	—	—
Can view roles of available users	+	+	+	—	—
Can edit all roles on the server	+	—	—	—	—
Can edit roles created by them	+	+	+	—	—
Can edit roles of available users	+	+	+	—	—
Can edit roles from the "Available Profiles" list	+	—	—	—	—
Can delete roles created by them	+	+	+	—	—
Can delete available roles	+	+	+	—	—
Can delete all roles on the server	+	—	—	—	—
Can grant permissions beyond their own	+	—	—	—	—
Can view all roles, not just available ones	+	—	—	—	—
System
Can view system audit for available objects	+	+	+	—	—
Can view system audit for all objects on the server	+	+	+	—	—
Alarm Events
Can process available alarm events	+	+	+	+	—
Can view available alarm events	+	+	+	+	—
Can delete available alarm events	+	+	+	+	—
Conversations
Can view conversations of users in their group	+	+	+	+	+
Can view conversations of users in descendant groups	+	+	+	—	—
Can view all conversations on the server	+	—	—	—	—
Can send messages to available users	+	+	+	+	+
Can create conversations	+	+	+	+	+
Can send conversation messages	+		+	+	+
Can delete available conversations	+	+	+	—	—
Can receive messages from users in descendant groups	+	+	+	+	—
Invitation Links
Can create invitation links	+	+	+	—	—
Can view their own invitation links	+	+	+	—	—
Can view invitation links of users in their group	+	+	+	—	—
Can view invitation links of users in descendant groups	+	+	+	—	—
Can view all invitation links on the server	+	—	—	—	—
Can edit their own invitation links	+	+	+	—	—
Can edit invitation links of users in their group	+	+	+	—	—
Can edit perpetual invitation links of users in descendant groups	+	+	+	—	—
Can edit all invitation links on the server	+	—	—	—	—
Can delete their own invitation links	+	+	+	—	—
Can delete invitation links of users in their group	+	+	+	—	—
Can delete invitation links of users in descendant groups	+	+	+	—	—
Can delete all invitation links on the server	+	—	—	—	—
Devices
Can create devices	+	+	+	—	—
Can view devices in their group	+	+	+	+	+
Can view devices of descendant groups	+	+	+	+	—
Can view all devices on the server	+	—	—	—	—
Can view the status of available devices	+	+	+	—	—
Can view the task queue of available devices	+	+	+	—	—
Can view firmware status information of available devices	+	+	+	—	—
Can view logs of available devices	+	+	+	—	—
Can edit available devices	+	+	+	—	—
Can delete available devices	+	+	+	—	—
Emergency Alerts
Can view emergency alerts of their group	+	+	+	+	—
Can view emergency alerts of descendant groups	+	+	+	+	—
Can view all emergency alerts on the server	+	—	—	—	—
Can create emergency alerts	+	+	+	—	—
Can playback available emergency alerts	+	+	+	+	—
Can edit available emergency alerts	+	+	+	—	—
Can delete available emergency alerts	+	+	+	—	—

Creating a Custom Role

In addition to standard roles, the system allows you to create custom roles with a unique set of permissions tailored to your project’s needs. You can fine-tune access, define functional limitations, and allocate rights for specific tasks or users.

Stages of creation:

Go to the Profiles tab in the User Management section.
Click on the plus icon in the bottom-right corner of the page.

In the pop-up window, enter a name for the new role.
Add a description for the role if needed.
In the Available Profiles section, select the roles that the new role will be able to edit.
In the Permissions section, select all the necessary permissions for the new role.
Click on the save icon in the bottom-right corner to apply the changes.

Creating a Role by Copying

In addition to the standard role creation process, you can copy an existing role on the server and customize it to suit your needs. This significantly reduces setup time, especially when the new role requires similar settings to an existing one.

Stages of creation:

Go to the Profiles tab in the User Management section.
Click on the copy icon to the right of the role name.

In the opened window, enter a name for the new role.
Add a description for the role if needed.
In the Available Profiles section, select the roles that the new role will be able to edit.
In the Permissions section, add or remove the necessary permissions for the new role.
Click on the save icon in the bottom-right corner to apply the changes.

Assigning a Role to a User

To assign a role to a user, you first need to create and configure a group where users with assigned roles will be added. Groups help organize users and simplify the management of their access rights.

You can find a detailed guide on creating and configuring a group here.

Stages of creation:

Go to the Object Group section.
Use the navigation arrows to select the desired group level and click on the three vertical dots to the right of the group name.
Select New User.

In the pop-up window, fill in the required information:
- Enter the user name.
- From the drop-down list, select the role by clicking on it.
- Enter the email where the registration instructions will be sent.
- Provide the phone number.
- If needed, add: marker, description, identifier, address, Access Restrictions, and additional identifiers.

In the Licenses section, configure the user’s access to server features:
- Add or remove checkmarks next to the checkboxes.
- Set the quantity for virtual numbers, mobile applications, and UKEY2.

Ensure that the permissions you assign do not exceed the limits available to you.

Click the save icon in the bottom-right corner to add the user with the selected role.

After saving, the added user with the assigned role will appear at the bottom of the selected group.