Roles

In the BAS-IP Link system, roles define a set of permissions and rules for different user categories. The system includes four primary roles: Company Administrator, Site Administrator, Concierge, and User, each with unique settings for server interaction — from managing groups and licenses to personal housing. Additionally, you can create custom roles to tailor permissions to your project’s needs.

1 Standard roles on the server
- 1.1 Permissions table for each role
2 Creating a custom role
- 2.1 Creating a role by copying
- 2.2 Assigning a role to a user

Standard roles on the server

The server provides predefined roles with specific functions designed for various system usage scenarios. In this section, we will explain the purpose of each role, their key capabilities, and the conditions for obtaining them.

Company Administrator — manages company resources, creates subgroups, assigns administrators, and distributes licenses. This role configures resources and defines access for subordinate roles like the Site Administrator. To obtain this role, users must first select "Dealer" or "Installer" during registration and then contact our sales department, where the role will be assigned manually.
Site Administrator — manages all assigned resources within their hierarchy, including rooms, devices, and groups. Has full access to view and edit data, configure system settings, and control bookings and access permissions. Assigned manually by the Company Administrator or automatically during registration by a dealer or installer.
User — has limited access to a personal account with no permissions for system-level management. Can configure their profile, view available devices and bookings, create guest passes, and receive messages. Assigned manually by the Company Administrator or Site Administrator.
Concierge — manages interactions with residents, including sending messages, making and receiving calls, and controlling bookings and access. Has access to group-level information and assigned devices to support communication and maintain security. Assigned manually by the Company Administrator or Site Administrator to the responsible personnel.

Roles allow for convenient distribution of permissions and areas of responsibility when using the server. This can be compared to positions in a hierarchical system: administrators oversee operations at the server level, while users manage their personal resources and tasks.

Permissions table for each role

This section provides a detailed overview of the permissions assigned to each role in the system. The table below lists all roles with their respective capabilities, marked with a plus (+) for available permissions and a minus (–) for restricted ones.

Permissions	Company administrator	Site administrator	Concierge	User

Permissions	Company administrator	Site administrator	Concierge	User
UKEY2
Can view UKEY2	—	—	—	—
Amenities reservation
Can create amenities	+	+	+ —	—
Can view all amenities	—	—	—	—
Can view amenities from their group	+	+	+	—
Can view amenities from descendant groups	+	+	+	—
Can view their own amenities	+	+	+	—
Can edit all amenities	—	—	—	—
Can edit amenities from their group	+	+	+	—
Can edit amenities from descendant groups	+	+	+	—
Can edit their own amenities	+	+	+	—
Can delete all amenities	—	—	—	—
Can delete amenities from their group	+	+	+	—
Can delete amenities from descendant groups	+	+	+	—
Can delete their own amenities	+	+	+	—
Can view all amenity reservations	—	—	—	—
Can view amenity reservations from their group	+	+	+	—
Can view amenity reservations from descendant groups	+	+	+	—
Can view their own amenity reservations	+	+	+	—
Can create amenity reservations	+	+	+	—
Can edit all amenity reservations	—	—	—	—
Can edit amenity reservations from their group	+	+	+	—
Can edit amenity reservations from descendant groups	+	+	+	—
Can edit their own amenity reservations	+	+	+	—
Can view logs of all amenity reservations	—	—	—	—
Can view amenity reservation logs from their group	+	+	+	—
Can view amenity reservation logs from descendant groups	+	+	+	—
Can view logs of their own amenity reservations	+	+	+	—
Virtual numbers
Can edit available virtual numbers	+	+	—	—
Can delete available virtual numbers	+	+	—	—
Can activate available virtual numbers	+	+	—	—-
Can create virtual numbers	+	+	—	—
Can view virtual numbers of their group	+	+	+	+
Can view virtual numbers of descendant groups	+	+	+	—
Can view all virtual numbers on the server	—	—	—	—
Groups
Can create root groups	—	—	—	—
Can create descendant groups	+	+	—	—
Can view all groups on the server	—	—	—	—
Can view residential complex/maintenance organization information settings of available groups	+	+	—	—
Can view residential complex/maintenance organization information in the mobile app	+	+	+	+
Can edit residential complex/maintenance organization information settings of available groups	+	+	—	—
Can view email templates of available groups	+	+	—	—
Can edit email templates of available groups	+	+	—	—
Can edit all groups on the server	—	—	—	—
Can edit descendant groups	+	+	—	—
Can edit basic parameters of their own group	+	--	—	—
Can manage users of their own group	+	+	—	—
Can manage access rules of their own group	+	+	—	—
Can manage devices of their own group	+	+	—	—
Can manage guest access of their own group	+	+	—	—
Can manage SIP trunks of their own group	+	+	—	—
Can manage forwarding settings of their own group	+	+	—	—
Can delete all groups on the server	—	—	—	—
Can delete their own groups	+	+	—	—
Calls
Can call numbers in their group	+	+	+	+
Can call numbers of descendant groups	+	+	+	—
Can call all numbers on the server	—	—	—	—
Can intercept calls like a concierge	+	+	+	—
Can receive calls from users of descendant groups	+	+	+	—
Can call to intercom	+	+	+	+
Identifiers
Can view identifiers of their group	+	+	—	+
Can view identifiers of descendant groups	+	+	—	—
Can view all identifiers on the server	—	—	—	—
Can create identifiers	+	+	—	—
Can delete available identifiers	+	+	—	—
Can edit available identifiers	+	+	—	—
Can view ACS logs by identifiers of available devices	+	+	—	—
Can create guest identifiers	+	+	—	+
Can import identifiers	+	+	—	—
Can export identifiers	+	+	—	—
Call History
Can view call history of their group numbers	+	+	+	+
Can view call history of descendant group numbers	+	+	—	—
Can view call history of all numbers on the server	—	—	—	—
Elevators
Can create elevators	+	+	—	—
Can edit available elevators	+	+	—	—
Can remove available elevators	+	+	—	—
Can view available elevators and access rules	+	+	—	+
Can view all elevators on the server	—	—	—	—
Can view all access rules for elevators	—	—	—	—
Licenses
Can view the license settings of their group	+	+	—	—