/
Roles

Roles

Owned by Karyna Kompaniiets
Last updated: Apr 04, 2025 by Karyna Kompaniiets
12 min read

In the BAS-IP Link system, roles define a set of permissions and rules for different user categories. The system includes four primary roles: Company Administrator, Site Administrator, Concierge, and User, each with unique settings for server interaction — from managing groups and licenses to personal housing. Additionally, you can create custom roles to tailor permissions to your project’s needs.

Standard roles on the server

The server provides predefined roles with specific functions designed for various system usage scenarios. In this section, we will explain the purpose of each role, their key capabilities, and the conditions for obtaining them.

  • Company Administrator — manages company resources, creates subgroups, assigns administrators, and distributes licenses. This role configures resources and defines access for subordinate roles like the Site Administrator. To obtain this role, users must first select "Dealer" or "Installer" during registration and then contact our sales department, where the role will be assigned manually.

  • Site Administrator — manages all assigned resources within their hierarchy, including rooms, devices, and groups. Has full access to view and edit data, configure system settings, and control bookings and access permissions. Assigned manually by the Company Administrator or automatically during registration by a dealer or installer.

  • User — has limited access to a personal account with no permissions for system-level management. Can configure their profile, view available devices and bookings, create guest passes, and receive messages. Assigned manually by the Company Administrator or Site Administrator.

  • Concierge — manages interactions with residents, including sending messages, making and receiving calls, and controlling bookings and access. Has access to group-level information and assigned devices to support communication and maintain security. Assigned manually by the Company Administrator or Site Administrator to the responsible personnel.

Profile management _ BAS-IP Link - Google 2.png

Roles allow for convenient distribution of permissions and areas of responsibility when using the server. This can be compared to positions in a hierarchical system: administrators oversee operations at the server level, while users manage their personal resources and tasks.

Permissions table for each role

This section provides a detailed overview of the permissions assigned to each role in the system. The table below lists all roles with their respective capabilities, marked with a plus (+) for available permissions and a minus (–) for restricted ones.

Permissions

Company administrator

Site administrator

Concierge

User

Permissions

Company administrator

Site administrator

Concierge

User

UKEY2

 

 

 

 

Can view UKEY2

Amenities reservation

 

 

 

 

Can create amenities

+

+

+ —

Can view all amenities

Can view amenities from their group

+

+

+

Can view amenities from descendant groups

+

+

+

Can view their own amenities

+

+

+

Can edit all amenities

Can edit amenities from their group

+

+

+

Can edit amenities from descendant groups

+

+

+

Can edit their own amenities

+

+

+

Can delete all amenities

Can delete amenities from their group

+

+

+

Can delete amenities from descendant groups

+

+

+

Can delete their own amenities

+

+

+

Can view all amenity reservations

Can view amenity reservations from their group

+

+

+

Can view amenity reservations from descendant groups

+

+

+

Can view their own amenity reservations

+

+

+

Can create amenity reservations

+

+

+

Can edit all amenity reservations

Can edit amenity reservations from their group

+

+

+

Can edit amenity reservations from descendant groups

+

+

+

Can edit their own amenity reservations

+

+

+

Can view logs of all amenity reservations

Can view amenity reservation logs from their group

+

+

+

Can view amenity reservation logs from descendant groups

+

+

+

Can view logs of their own amenity reservations

+

+

+

Virtual numbers

 

 

 

 

Can edit available virtual numbers

+

+

Can delete available virtual numbers

+

+

Can activate available virtual numbers

+

+

—-

Can create virtual numbers

+

+

Can view virtual numbers of their group

+

+

+

+

Can view virtual numbers of descendant groups

+

+

+

Can view all virtual numbers on the server

Groups

 

 

 

 

Can create root groups

Can create descendant groups

+

+

Can view all groups on the server

Can view residential complex/maintenance organization information settings of available groups

+

+

Can view residential complex/maintenance organization information in the mobile app

+

+

+

+

Can edit residential complex/maintenance organization information settings of available groups

+

+

Can view email templates of available groups

+

+

Can edit email templates of available groups

+

+

Can edit all groups on the server

Can edit descendant groups

+

+

Can edit basic parameters of their own group

+

--

Can manage users of their own group

+

+

Can manage access rules of their own group

+

+

Can manage devices of their own group

+

+

Can manage guest access of their own group

+

+

Can manage SIP trunks of their own group

+

+

Can manage forwarding settings of their own group

+

+

Can delete all groups on the server

Can delete their own groups

+

+

Calls

 

 

 

 

Can call numbers in their group

+

+

+

+

Can call numbers of descendant groups

+

+

+

Can call all numbers on the server

Can intercept calls like a concierge

+

+

+

Can receive calls from users of descendant groups

+

+

+

Can call to intercom

+

+

+

+

Identifiers

 

 

 

 

Can view identifiers of their group

+

+

+

Can view identifiers of descendant groups

+

+

Can view all identifiers on the server

Can create identifiers

+

+

Can delete available identifiers

+

+

Can edit available identifiers

+

+

Can view ACS logs by identifiers of available devices

+

+

Can create guest identifiers

+

+

+

Can import identifiers

+

+

Can export identifiers

+

+

Call History

 

 

 

 

Can view call history of their group numbers

+

+

+

+

Can view call history of descendant group numbers

+

+

Can view call history of all numbers on the server

Elevators

 

 

 

 

Can create elevators

+

+

Can edit available elevators

+

+

Can remove available elevators

+

+

Can view available elevators and access rules

+

+

+

Can view all elevators on the server

Can view all access rules for elevators

Licenses

 

 

 

 

Can view the license settings of their group

+

+

Can view the license settings of descendant groups

+

+

Can view the license settings of all groups on the server

Can edit the license settings of their group

Can edit the license settings of descendant groups

+

+

Can edit the license settings of all groups on the server

Can view the license settings of available users

+

+

--

Can edit the license settings of available users

+

+

--

Can view server licenses

Can edit server licenses

Markers

 

 

 

 

Can view available markers

+

+

+

Can create markers

+

+

Can edit available markers

+

+

Can delete available markers

+

+

Can apply available markers

+

+

Can view all markers on the server

Reports

 

 

 

 

Can view license usage statistics

+

+

Project Settings

 

 

 

 

Can edit server settings

Can view server settings

Can import device backup data

+

+

Can view management company/residential complex information

+

+

+

+

SIP Trunks

 

 

 

 

Can create SIP trunks

+

+

Can view their own SIP trunks

+

+

Can view SIP trunks from their group

+

+

Can view all SIP trunks on the server

Can edit their own SIP trunks

+

+

Can edit SIP trunks from their group

+

+

Can view SIP trunks from descendant groups

+

+

Can edit SIP trunks from descendant groups

+

+

Can edit all SIP trunks on the server

Can delete their own SIP trunks

+

+

Can delete SIP trunks from their group

+

+

Can delete SIP trunks from descendant groups

+

+

Can delete all SIP trunks on the server

Users

 

 

 

 

Can create users

+

+

Can view available users

+

+

+

Can view all users on the server

Can edit available users

+

+

Can edit their own profile

+

+

Can delete available users

+

+

Access Restrictions

 

 

 

 

Can view available access rules

+

+

Can create access rules

+

+

Can edit available access rules

+

+

Can delete available access rules

+

+

Can view all access rules on the server

Forward Rules

 

 

 

 

Can view available forwarding rules

+

+

Can create forwarding rules

+

+

Can edit available forwarding rules

+

+

Can delete available forwarding rules

+

+

Can view all forwarding rules on the server

Schedules

 

 

 

 

Can view available schedules

+

+

Can create schedules

+

+

Can edit available schedules

+

+

Can delete available schedules

+

+

Can view all schedules on the server

Annonces

 

 

 

 

Can view available announcements

+

+

+

Can create announcements

+

+

+

Can edit available announcements

+

+

+

Can delete available announcements

+

+

+

Can send available announcements

+

+

+

+

Can view all announcements on the server

Backup

 

 

 

 

Can create server backups

Can delete server backups

Can view server backups

Can restore backups from the server

Can restore backups from files

Can download backups from the server

Profiles

 

 

 

 

Can create roles

+

+

Can view roles from the "Available Profiles" list

+

+

Can view roles of available users

+

+

Can edit all roles on the server

Can edit roles created by them

+

+

Can edit roles of available users

+

+

Can edit roles from the "Available Profiles" list

Can delete roles created by them

+

+

Can delete available roles

+

+

Can delete all roles on the server

Can grant permissions beyond their own

Can view all roles, not just available ones

System

 

 

 

 

Can view system audit for available objects

+

+

Can view system audit for all objects on the server

+

+

Alarm Events

 

 

 

 

Can process available alarm events

+

+

+

Can view available alarm events

+

+

+

Can delete available alarm events

+

+

+

Conversations

 

 

 

 

Can view conversations of users in their group

+

+

+

+

Can view conversations of users in descendant groups

+

+

Can view all conversations on the server

Can send messages to available users

+

+

+

+

Can create conversations

+

+

+

+

Can send conversation messages

 

+

+

+

Can delete available conversations

+

+

Can receive messages from users in descendant groups

+

+

+

Invitation Links

 

 

 

 

Can create invitation links

+

+

Can view their own invitation links

+

+

Can view invitation links of users in their group

+

+

Can view invitation links of users in descendant groups

+

+

Can view all invitation links on the server

Can edit their own invitation links

+

+

Can edit invitation links of users in their group

+

+

Can edit perpetual invitation links of users in descendant groups

+

+

Can edit all invitation links on the server

Can delete their own invitation links

+

+

Can delete invitation links of users in their group

+

+

Can delete invitation links of users in descendant groups

+

+

Can delete all invitation links on the server

Devices

 

 

 

 

Can create devices

+

+

Can view devices in their group

+

+

+

+

Can view devices of descendant groups

+

+

+

Can view all devices on the server

Can view the status of available devices

+

+

Can view the task queue of available devices

+

+

Can view firmware status information of available devices

+

+

Can view logs of available devices

+

+

Can edit available devices

+

+

Can delete available devices

+

+

Emergency Alerts

 

 

 

 

Can view emergency alerts of their group

+

+

+

Can view emergency alerts of descendant groups

+

+

+

Can view all emergency alerts on the server

Can create emergency alerts

+

+

Can playback available emergency alerts

+

+

+

Can edit available emergency alerts

+

+

Can delete available emergency alerts

+

+

Creating a custom role

In addition to standard roles, the system allows you to create custom roles with a unique set of permissions tailored to your project’s needs. You can fine-tune access, define functional limitations, and allocate rights for specific tasks or users.

Stages of creation:

  1. Go to the Profiles tab in the User Management section.

  2. Click on the plus icon in the bottom-right corner of the page.

Profile management _ BAS-IP Link - Google 12.png

  1. In the pop-up window, enter a name for the new role.

  2. Add a description for the role if needed.

  3. In the Available Profiles section, select the roles that the new role will be able to edit.

  4. In the Permissions section, select all the necessary permissions for the new role.

  5. Click on the save icon in the bottom-right corner to apply the changes.

Add profile _ BAS-IP Link - Google Chrome 2024-12-.png

A user cannot assign permissions that exceed their own. The available permissions and editable profiles depend on the current user access level.

 

Creating a role by copying

In addition to the standard role creation process, you can copy an existing role on the server and customize it to suit your needs. This significantly reduces setup time, especially when the new role requires similar settings to an existing one.

Stages of creation:

  1. Go to the Profiles tab in the User Management section.

  2. Click on the copy icon to the right of the role name.

Profile management _ BAS-IP Link - Google Chrome 22.png

  1. In the opened window, enter a name for the new role.

  2. Add a description for the role if needed.

  3. In the Available Profiles section, select the roles that the new role will be able to edit.

  4. In the Permissions section, add or remove the necessary permissions for the new role.

  5. Click on the save icon in the bottom-right corner to apply the changes.

Add profile _ BAS-IP Link - Google Chrome 2024--.png

 

Assigning a role to a user

To assign a role to a user, you first need to create a user and configure a group where users with assigned roles will be added. Groups help organize users and simplify the management of their access rights.

Learn more about creating and configuring groups in the Object Groups guide.

Stages of creation:

  1. Go to the Object Group section.

  2. Use the ▶ to select the desired group level and click on the ••• to the right of the group name.

  3. Open the user creation, or user editing window.

  1. Click the Profile field and select the desired role from the list.

Знімок екрана 2025-04-04 180140_.PNG

In addition to the assigned role, user permissions also depend on the position in the group hierarchy.

Related content