CopyProfiles

The system provides user groups with varying access levels for resource management and security, allowing permissions to be tailored to tasks—from administration to resident interactions. Not every user requires full access to all menus and settings of the Link server. In this section, you can create profiles (roles) with specific permissions, which will apply to all users within that role.

Below is a description of the available roles and their functions.

Server administrator: Full access to manage all aspects of the server. This role includes creating and editing user groups and roles, managing all objects, including rooms, virtual numbers, and devices. The Server Administrator has access to all data on the server, including logs and archives, and is responsible for backups, data recovery, security settings, and system audit.
Company administrator: Management rights within the company. The Company Administrator can create subgroups, assign responsible administrators, and distribute licenses among users. Their role is to configure and manage the company’s resources and set access restrictions for subordinate roles, such as the Site Administrator.
Site administrator: Limited management rights within the company’s resources. The Site Administrator can manage assigned resources, such as rooms and devices, view and edit data within their group and subordinate groups, and control room bookings and access to facilities. Site Administrator permissions are determined by senior administrators and restricted by hierarchy.
User: Standard user access to a personal account. The User can configure their profile, view their devices and bookings, create guest passes, and receive messages. Access is limited to personal settings and interaction with shared functions without control over system parameters.
Concierge: A role for interacting with residents and guests. The Concierge manages resident groups, sends announcements and messages, controls room bookings and access to facilities, and has access to group information and devices to ensure security and communication.

How to obtain each role

Company Administrator: Access to this role can only be obtained after completing validation with our technical support. Once validated, the necessary permissions are granted.
Site Administrator: There are two ways to obtain this role:
- Invitation: The Company Administrator invites the user to a specific group in the Object Group section.
- Self-selection: During registration, the user can choose this role, labeled as Dealer/Installer.
Concierge: The Concierge role is assigned manually by the group administrator. To do this, the administrator uses the New User dropdown and selects the Concierge role from previously added roles in the Profiles section.
User: A user can either register independently on the website or be added manually:
- Self-registration: The user completes registration on the website.
- Manual addition: The administrator uses the New User dropdown and selects the User role from the Profiles section. If the user is added manually, a QR code and a standard code are sent to the specified email for verification and to complete registration.

Permissions Table for Each Role

In the table below, important role permissions are specified. Click to view.

Click here to expand...

Permissions	Administrator	Company administrator	Site administrator	Concierge	User
UKEY2
Can view UKEY2	+	—	—	—	—
Amenities reservation
Can create amenities	+	+	+	+ —	—
Can view all amenities	+	—	—	—	—
Can view amenities from their group	+	+	+	+	—
Can view amenities from descendant groups	+	+	+	+	—
Can view their own amenities	+	+	+	+	—
Can edit all amenities	+	—	—	—	—
Can edit amenities from their group	+	+	+	+	—
Can edit amenities from descendant groups	+	+	+	+	—
Can edit their own amenities	+	+	+	+	—
Can delete all amenities	+	—	—	—	—
Can delete amenities from their group	+	+	+	+	—
Can delete amenities from descendant groups	+	+	+	+	—
Can delete their own amenities	+	+	+	+	—
Can view all amenity reservations	+	—	—	—	—
Can view amenity reservations from their group	+	+	+	+	—
Can view amenity reservations from descendant groups	+	+	+	+	—
Can view their own amenity reservations	+	+	+	+	—
Can create amenity reservations	+	+	+	+	—
Can edit all amenity reservations	+	—	—	—	—
Can edit amenity reservations from their group	+	+	+	+	—
Can edit amenity reservations from descendant groups	+	+	+	+	—
Can edit their own amenity reservations	+	+	+	+	—
Can view logs of all amenity reservations	+	—	—	—	—
Can view amenity reservation logs from their group	+	+	+	+	—
Can view amenity reservation logs from descendant groups	+	+	+	+	—
Can view logs of their own amenity reservations	+	+	+	+	—
Virtual numbers
Can edit available virtual numbers	+	+	+	—	—
Can delete available virtual numbers	+	+	+	—	—
Can activate available virtual numbers	+	+	+	—	—-
Can create virtual numbers	+	+	+	—	—
Can view virtual numbers of their group	+	+	+	+	+
Can view virtual numbers of descendant groups	+	+	+	+	—
Can view all virtual numbers on the server	+	—	—	--	—
Groups
Can create root groups	+	—	—	—	—
Can create descendant groups	+	+	+	—	—
Can view all groups on the server	+	—	—	—	—
Can view residential complex/maintenance organization information settings of available groups	+	+	+	—	—
Can view residential complex/maintenance organization information in the mobile app	+	+	+	+	+
Can edit residential complex/maintenance organization information settings of available groups	+	+	+	—	—
Can view email templates of available groups	+	+	+	—	—
Can edit email templates of available groups	+	+	+	—	—
Can edit all groups on the server	+	—	—	—	—
Can edit descendant groups	+	+	+	—	—
Can edit basic parameters of their own group	+	+	--	—	—
Can manage users of their own group	+	+	+	—	—
Can manage access rules of their own group	+	+	+	—	—
Can manage devices of their own group	+	+	+	—	—
Can manage guest access of their own group	+	+	+	—	—
Can manage SIP trunks of their own group	+	+	+	—	—
Can manage forwarding settings of their own group	+	+	+	—	—
Can delete all groups on the server	+	—	—	—	—
Can delete their own groups	+	+	+	—	—
Calls
Can call numbers in their group	+	+	+	+	+
Can call numbers of descendant groups	+	+	+	+	—
Can call all numbers on the server	+	—	—	—	—
Can intercept calls like a concierge	+	+	+	+	—
Can receive calls from users of descendant groups	+	+	+	+	—
Can call to intercom	+	+	+	+	+
Identifiers
Can view identifiers of their group	+	+	+	—	+
Can view identifiers of descendant groups	+	+	+	—	—
Can view all identifiers on the server	+	—	—	—	—
Can create identifiers	+	+	+	—	—
Can delete available identifiers	+	+	+	—	—
Can edit available identifiers	+	+	+	—	—
Can view ACS logs by identifiers of available devices	+	+	+	—	—
Can create guest identifiers	+	+	+	—	+
Can import identifiers	+	+	+	—	—
Can export identifiers	+	+	+	—	—
Call History
Can view call history of their group numbers	+	+	+	+	+
Can view call history of descendant group numbers	+	+	+	—	—
Can view call history of all numbers on the server	+	—	—	—	—
Elevators
Can create elevators	+	+	+	—	—
Can edit available elevators	+	+	+	—	—
Can remove available elevators	+	+	+	—	—
Can view available elevators and access rules	+	+	+	—	+
Can view all elevators on the server	+	—	—	—	—
Can view all access rules for elevators	+	—	—	—	—
Licenses
Can view the license settings of their group	+	+	+	—	—
Can view the license settings of descendant groups	+	+	+	—	—
Can view the license settings of all groups on the server	+	—	—	—	—
Can edit the license settings of their group	+	—	—	—	—
Can edit the license settings of descendant groups	+	+	+	—	—
Can edit the license settings of all groups on the server	+	—	—	—	—
Can view the license settings of available users	+	+	+	—	--
Can edit the license settings of available users	+	+	+	—	--
Can view server licenses	+	—	—	—	—
Can edit server licenses	+	—	—	—	—
Markers
Can view available markers	+	+	+	+	—
Can create markers	+	+	+	—	—
Can edit available markers	+	+	+	—	—
Can delete available markers	+	+	+	—	—
Can apply available markers	+	+	+	—	—
Can view all markers on the server	+	—	—	—	—
Reports
Can view license usage statistics	+	+	+	—	—
Project Settings
Can edit server settings	+	—	—	—	—
Can view server settings	+	—	—	—	—
Can import device backup data	+	+	+	—	—
Can view management company/residential complex information	+	+	+	+	+
SIP Trunks
Can create SIP trunks	+	+	+	—	—
Can view their own SIP trunks	+	+	+	—	—
Can view SIP trunks from their group	+	+	+	—	—
Can view all SIP trunks on the server	+	—	—	—	—
Can edit their own SIP trunks	+	+	+	—	—
Can edit SIP trunks from their group	+	+	+	—	—
Can view SIP trunks from descendant groups	+	+	+	—	—
Can edit SIP trunks from descendant groups	+	+	+	—	—
Can edit all SIP trunks on the server	+	—	—	—	—
Can delete their own SIP trunks	+	+	+	—	—
Can delete SIP trunks from their group	+	+	+	—	—
Can delete SIP trunks from descendant groups	+	+	+	—	—
Can delete all SIP trunks on the server	+	—	—	—	—
Users
Can create users	+	+	+	—	—
Can view available users	+	+	+	+	—
Can view all users on the server	+	—	—	—	—
Can edit available users	+	+	+	—	—
Can edit their own profile	+	+	+	—	—
Can delete available users	+	+	+	—	—
Access Restrictions
Can view available access rules	+	+	+	—	—
Can create access rules	+	+	+	—	—
Can edit available access rules	+	+	+	—	—
Can delete available access rules	+	+	+	—	—
Can view all access rules on the server	+	—	—	—	—
Forward Rules
Can view available forwarding rules	+	+	+	—	—
Can create forwarding rules	+	+	+	—	—
Can edit available forwarding rules	+	+	+	—	—
Can delete available forwarding rules	+	+	+	—	—
Can view all forwarding rules on the server	+	—	—	—	—
Schedules
Can view available schedules	+	+	+	—	—
Can create schedules	+	+	+	—	—
Can edit available schedules	+	+	+	—	—
Can delete available schedules	+	+	+	—	—
Can view all schedules on the server	+	—	—	—	—
Annonces
Can view available announcements	+	+	+	+	—
Can create announcements	+	+	+	+	—
Can edit available announcements	+	+	+	+	—
Can delete available announcements	+	+	+	+	—
Can send available announcements	+	+	+	+	+
Can view all announcements on the server	+	—	—	—	—
Backup
Can create server backups	+	—	—	—	—
Can delete server backups	+	—	—	—	—
Can view server backups	+	—	—	—	—
Can restore backups from the server	+	—	—	—	—
Can restore backups from files	+	—	—	—	—
Can download backups from the server	+	—	—	—	—
Profiles
Can create roles	+	+	+	—	—
Can view roles from the "Available Profiles" list	+	+	+	—	—
Can view roles of available users	+	+	+	—	—
Can edit all roles on the server	+	—	—	—	—
Can edit roles created by them	+	+	+	—	—
Can edit roles of available users	+	+	+	—	—
Can edit roles from the "Available Profiles" list	+	—	—	—	—
Can delete roles created by them	+	+	+	—	—
Can delete available roles	+	+	+	—	—
Can delete all roles on the server	+	—	—	—	—
Can grant permissions beyond their own	+	—	—	—	—
Can view all roles, not just available ones	+	—	—	—	—
System
Can view system audit for available objects	+	+	+	—	—
Can view system audit for all objects on the server	+	+	+	—	—
Alarm Events
Can process available alarm events	+	+	+	+	—
Can view available alarm events	+	+	+	+	—
Can delete available alarm events	+	+	+	+	—
Conversations
Can view conversations of users in their group	+	+	+	+	+
Can view conversations of users in descendant groups	+	+	+	—	—
Can view all conversations on the server	+	—	—	—	—
Can send messages to available users	+	+	+	+	+
Can create conversations	+	+	+	+	+
Can send conversation messages	+		+	+	+
Can delete available conversations	+	+	+	—	—
Can receive messages from users in descendant groups	+	+	+	+	—
Invitation Links
Can create invitation links	+	+	+	—	—
Can view their own invitation links	+	+	+	—	—
Can view invitation links of users in their group	+	+	+	—	—
Can view invitation links of users in descendant groups	+	+	+	—	—
Can view all invitation links on the server	+	—	—	—	—
Can edit their own invitation links	+	+	+	—	—
Can edit invitation links of users in their group	+	+	+	—	—
Can edit perpetual invitation links of users in descendant groups	+	+	+	—	—
Can edit all invitation links on the server	+	—	—	—	—
Can delete their own invitation links	+	+	+	—	—
Can delete invitation links of users in their group	+	+	+	—	—
Can delete invitation links of users in descendant groups	+	+	+	—	—
Can delete all invitation links on the server	+	—	—	—	—
Devices
Can create devices	+	+	+	—	—
Can view devices in their group	+	+	+	+	+
Can view devices of descendant groups	+	+	+	+	—
Can view all devices on the server	+	—	—	—	—
Can view the status of available devices	+	+	+	—	—
Can view the task queue of available devices	+	+	+	—	—
Can view firmware status information of available devices	+	+	+	—	—
Can view logs of available devices	+	+	+	—	—
Can edit available devices	+	+	+	—	—
Can delete available devices	+	+	+	—	—
Emergency Alerts
Can view emergency alerts of their group	+	+	+	+	—
Can view emergency alerts of descendant groups	+	+	+	+	—
Can view all emergency alerts on the server	+	—	—	—	—
Can create emergency alerts	+	+	+	—	—
Can playback available emergency alerts	+	+	+	+	—
Can edit available emergency alerts	+	+	+	—	—
Can delete available emergency alerts	+	+	+	—	—

How to create a profile

Go to the Profiles tab of the User management section.
Click the plus icon (in the low left corner).
Enter a profile name and add a description (if required).
Select the permissions (and, corresponding, the functionality) you want this user type to have.
Add other available profile types that this type can edit (if necessary). For example, for the administrator type, all profiles can be added in this section.
Save data by clicking the corresponding button in the left low corner.

As a result, the profile will be added to a list where you can edit or delete it. Also, you can filter profiles by name.

To apply the profile to a user you can in the Users tab.

Independent projects on the one server

It is possible to use a server for several small projects, e.g., for some separate areas with few devices. In this case, each root group stands for a single project. The administrators see only their root group info about subgroups, device(s), user(s), role(s), access rule(s), logs, etc. In other words, the administrator must be added to the root group to manage and monitor all linked with this group. So, they can not influence and access other projects they are not linked with.

If you are going to use this mechanism, it is required to limit the administrator default profile as it has permissions for access to all data available on the server. This default role can be renamed as the master administrator and used for those who monitor and configure all projects available on the server. So, for the root group administrator, a new profile must be created. You can use one profile for all projects or create it for each project. Also, user and concierge profiles can be created for all or each project.

Be aware, if you use one root group administrator profile for several projects, and if later you will expand the administrator permissions (e.g., for some projects), this will affect all projects.

How to create a root group administrator profile

Go to the Profiles tab of the User management section.
Click plus icon (in the low left corner).
Enter a profile name (e.g. root group administrator) and add a description (if required).
Select the following permissions:
- access restrictions: can view/create/edit/delete access rules;
- announces: can create/edit/delete/send announces, can view announces;
- conversations: can create conversation/conversation message, can delete conversation, can accept messages from descendant users;
- devices: can view device tasks, can create/edit/delete/view devices, can view device events;
- elevators: can create/edit/delete elevator, can view elevators;
- emergency alerts: can view emergency alerts, can create/edit/delete/playback emergency alerts;
- forward rules: can view/create/edit/delete forward rules;
- groups: can delete/edit group, can create group-descendant;
- identifiers: can view identifiers; can create/edit/delete identifier; can create guest identifier, can import/export identifiers, can view ACS logs;
- markers: can view/create/edit/delete/apply marker;
- profiles: can view roles, can edit role (these rules are applied to the list of available profile types set in the corresponding section);
- schedule: can view/create/edit/delete schedule;
- users: create/edit/delete user;
- virtual numbers: can create/edit/delete/activate virtual number, can mark system virtual numbers;

We do not provide any permissions for call history and сalls, as the user can see all calls of all users with subordinate profiles and can call them (by default).

Add other available profile types that this type can edit (if necessary), e.g. user, concierge.
Save data by clicking the corresponding button in the left low corner.

It is very important to set permissions for user and concierge profiles correctly because this will determine their functionality and scope. You can edit the default profiles or create new ones and the set of permissions can differ depending on the project. But the obligatory permissions for concierge are the following:

announces: can create/edit/delete/send announces, can view announces;
calls: can receive call like concierge, can call to intercom;
conversations: can view all conversations, can send messages to all, can create conversation/conversation message, can accept messages from descendant users;
emergency alerts: can view particular emergency alerts, can playback emergency alerts;
markers: can view marker;

User must have such permissions as:

calls: can call to intercom;
conversations: can create conversation message;
identifiers: can view identifiers; can create guest identifier;

After the profiles are created, they must be applied to the pre-created users. Then users must be added to the groups: root group administrator must be added to the root group (the main progect group), all other users must be added to the corresponding groups.

Example of server configuration for hosting several projects

For example, we are managing 2 separate houses and must create conditions for users to interact only with houses groups they live in. Each house group must have its own administrator with the permissions to edit the list of users, devices, groups, apartments, etc. only within the house they are added to. In addition, each group must have its own resident users and concierges, who must be able to normally interact with each other, but not overlap with neighboring house group.

As the local (root group) administrators of each house have advanced rights only in their groups, the server must have a master administrator who can configure the whole server. So, you must create the profile for this master administrator. The default Administrator profile has all necessary permissions, so leave it, but rename to the master administrator. Apply this profile to the user who will manage the whole server.
Edit the default profile or create a new one for users and set the permissions (they can differ depending on the project). It is very important to set permissions because this will determine their functionality and scope. You can use one profile for all projects or create profiles for each project. In this example, we create separate profiles for each project. User must have such permissions as:
- calls: can call to intercom;
- conversations: can create conversation message;
- identifiers: can view identifiers; can create guest identifier;
Edit the default profile or create a new one for concierge and set the permissions (they can differ depending on the project). It is very important to set permissions because this will determine their functionality and scope. You can use one profile for all projects or create profiles for each project. In this example, we create separate profiles for each project. The obligatory permissions for concierge are:
- announces: can create/edit/delete/send announces, can view announces;
- calls: can receive call like concierge, can call to intercom;
- conversations: can view all conversations, can send messages to all, can create conversation/conversation message, can accept messages from descendant users;
- emergency alerts: can view particular emergency alerts, can playback emergency alerts;
- markers: can view marker;
Create a profile for root group administrator as they must see only their root group, subgroups, device(s), user(s), role(s), access rule(s), logs, etc. You can use one profile for all projects or create profiles for each project. In this example, we create separate profiles. This profile must have the following permissions:
- access restrictions: can view/create/edit/delete access rules;
- announces: can create/edit/delete/send announces, can view announces;
- conversations: can create conversation/conversation message, can delete conversation, can accept messages from descendant users;
- devices: can view device tasks, can create/edit/delete/view devices, can view device events;
- elevators: can create/edit/delete elevator, can view elevators;
- emergency alerts: can view emergency alerts, can create/edit/delete/playback emergency alerts;
- forward rules: can view/create/edit/delete forward rules;
- groups: can delete/edit group, can create group-descendant;
- identifiers: can view identifiers; can create/edit/delete identifier; can create guest identifier, can import/export identifiers, can view ACS logs;
- markers: can view/create/edit/delete/apply marker;
- profiles: can view roles, can edit role (these rules are applied to the list of available profile types set in the corresponding section);
- schedule: can view/create/edit/delete schedule;
- users: create/edit/delete user;
- virtual numbers: can create/edit/delete/activate virtual number, can mark system virtual numbers;
  
  Also, the root group administrator must be allowed to edit all subordinate profiles, so select the corresponding profiles of user and concierge as Available profiles.
Create a root groups that stand for the houses projects, e.g., the 1st group is A residence, and the 2nd is B residence.
Add the required number of subgroups (depending on the project structure).
Add users to the server and apply created profiles to the corresponding users.
Add users to the created groups: root group administrator must be added to the root group (the main project group), and all other users must be added to the corresponding groups.
As a result, the administrator added to the root group can manage and monitor all linked with this group users, access restrictions, devices, schedules, etc. So, they can not influence and access other projects (root groups) they are not linked with. But both root groups are available for the master administrator.