Permissions
In the "Permissions" menu, you can configure access permissions and assign them to participants.
In addition, you can generate API keys that can be used with third-party systems.
In the Roles tab, permission roles can be created and assigned to participants.
Such a permission role assigns certain permissions to the various GroupAlarm functions, such as participants, alarms or remote triggering.
The default roles Organization owner, Organization Administrator, Participants and Support staff are predefined by the system and cannot be deleted. Additional custom roles can be created on top of them.
1️⃣ To create a new role, click on the CREATE ROLE button. Details on creating a role can be found here.
2️⃣ To have a closer look at the permissions and services of a role, click on the eye next to the corresponding role. These are then displayed in a detailed view on the right-hand side.
If you want to delete a role, click on the trash bin next to the role you would like to remove.
⚠️ If the role is deleted, the associated permissions are immediately withdrawn from all assigned participants.
3️⃣ In the detailed view, you can see the services of the corresponding role with the respective permissions. The icons make it easy to see which permissions are active for an individual service. A filled icon indicates that the permission has been granted. A greyed-out icon, on the other hand, indicates that the service does not have this permission. A description of the various permissions can be found here.
4️⃣ You can edit an existing role using the pencil.
1️⃣ In the input fields for Name and Description, you can name your permission role and optionally add a description. Both the name and the description are then displayed in the overview.
2️⃣ The functions Inherit role in sub-organizations and Role usable in sub-organizations allow you to make permissions available in sub-organizations.
The function Inherit role in sub-organizations ensures that the permission role itself is available in the sub-organizations and can be assigned to participants.
The function Role usable in sub-organizations, on the other hand, means that participants who have this role in the parent organization automatically also receive the corresponding permissions in all sub-organizations. This applies regardless of whether the participant belongs to the sub-organizations.
When the function Role usable in sub-organizations is activated, the role is also automatically inherited into the sub-organizations.
💡 If you activate Role usable in sub-organizations, reading rights are automatically added for the Organizations service.
3️⃣ The Service selection field can be used to select one or more services for the permission role. Each service represents certain functions in GroupAlarm.
4️⃣ Once the services have been selected, the permissions that the owner of the role may execute, are defined.
The following permissions are available:
5️⃣ Additional services can be added to the role via the plus button, e.g. to provide them with other permission combinations. Such a service / permission combination can be removed again via the trash bin.
6️⃣ The changes take effect when you exit the view using the CREATE button.
The following table lists some important permission combinations that can be used within GroupAlarm.
1️⃣ In the tab Assignment, roles can be assigned to participants. A participant can have several roles, but retains at least the Participants role.
2️⃣ The roles of a participant are managed via the respective icon with the pencil. In the detailed view, roles can then be added or removed via the selection field.
1️⃣ In the API Keys tab, the API keys of GroupAlarm can be managed. With an API key, you can link GroupAlarm with third-party systems and trigger actions within your organization.
💡 A separate API key should be created for each external application. With such a key, you have access to all the data of the organization.
More detailed information about all interfaces can be found in the API documentation.
2️⃣ All existing API keys are listed in the overview. For security reasons, an API key is only displayed once when it is created. It is not possible to display the key again. However, you can regenerate an existing API key using the round symbol with the arrow. The new key is then displayed once again.
❗️ If an API key is regenerated, the old key immediately loses its validity.
An API key can be deleted by clicking the trash bin next to the respective key.
⚠️ If a key was created by an internal application, e.g. the flow service, it cannot be displayed, regenerated or removed.
3️⃣ To create a new API key, enter a name and click on CREATE. At the same time, you can specify whether the key can also be used in all sub-organizations.
In addition, you can generate API keys that can be used with third-party systems.
Roles
In the Roles tab, permission roles can be created and assigned to participants.
Such a permission role assigns certain permissions to the various GroupAlarm functions, such as participants, alarms or remote triggering.
The default roles Organization owner, Organization Administrator, Participants and Support staff are predefined by the system and cannot be deleted. Additional custom roles can be created on top of them.
1️⃣ To create a new role, click on the CREATE ROLE button. Details on creating a role can be found here.
2️⃣ To have a closer look at the permissions and services of a role, click on the eye next to the corresponding role. These are then displayed in a detailed view on the right-hand side.
If you want to delete a role, click on the trash bin next to the role you would like to remove.
⚠️ If the role is deleted, the associated permissions are immediately withdrawn from all assigned participants.
3️⃣ In the detailed view, you can see the services of the corresponding role with the respective permissions. The icons make it easy to see which permissions are active for an individual service. A filled icon indicates that the permission has been granted. A greyed-out icon, on the other hand, indicates that the service does not have this permission. A description of the various permissions can be found here.
4️⃣ You can edit an existing role using the pencil.
Create / Edit role
1️⃣ In the input fields for Name and Description, you can name your permission role and optionally add a description. Both the name and the description are then displayed in the overview.
2️⃣ The functions Inherit role in sub-organizations and Role usable in sub-organizations allow you to make permissions available in sub-organizations.
The function Inherit role in sub-organizations ensures that the permission role itself is available in the sub-organizations and can be assigned to participants.
The function Role usable in sub-organizations, on the other hand, means that participants who have this role in the parent organization automatically also receive the corresponding permissions in all sub-organizations. This applies regardless of whether the participant belongs to the sub-organizations.
When the function Role usable in sub-organizations is activated, the role is also automatically inherited into the sub-organizations.
💡 If you activate Role usable in sub-organizations, reading rights are automatically added for the Organizations service.
3️⃣ The Service selection field can be used to select one or more services for the permission role. Each service represents certain functions in GroupAlarm.
4️⃣ Once the services have been selected, the permissions that the owner of the role may execute, are defined.
The following permissions are available:
5️⃣ Additional services can be added to the role via the plus button, e.g. to provide them with other permission combinations. Such a service / permission combination can be removed again via the trash bin.
6️⃣ The changes take effect when you exit the view using the CREATE button.
Examples of permission combinations
The following table lists some important permission combinations that can be used within GroupAlarm.
Assignment
1️⃣ In the tab Assignment, roles can be assigned to participants. A participant can have several roles, but retains at least the Participants role.
2️⃣ The roles of a participant are managed via the respective icon with the pencil. In the detailed view, roles can then be added or removed via the selection field.
API Keys
1️⃣ In the API Keys tab, the API keys of GroupAlarm can be managed. With an API key, you can link GroupAlarm with third-party systems and trigger actions within your organization.
💡 A separate API key should be created for each external application. With such a key, you have access to all the data of the organization.
More detailed information about all interfaces can be found in the API documentation.
2️⃣ All existing API keys are listed in the overview. For security reasons, an API key is only displayed once when it is created. It is not possible to display the key again. However, you can regenerate an existing API key using the round symbol with the arrow. The new key is then displayed once again.
❗️ If an API key is regenerated, the old key immediately loses its validity.
An API key can be deleted by clicking the trash bin next to the respective key.
⚠️ If a key was created by an internal application, e.g. the flow service, it cannot be displayed, regenerated or removed.
3️⃣ To create a new API key, enter a name and click on CREATE. At the same time, you can specify whether the key can also be used in all sub-organizations.
Updated on: 09/07/2024
Thank you!