Articles on: Administration
This article is also available in:



In the "Permissions" menu, you can configure access permissions and assign them to participants.
In addition, you can generate API keys that can be used with third-party systems.


In this section, roles are defined for the organization, which can be assigned to individual participants.
A role assigns specific permissions (read, edit, create, delete) to the different functions of GroupAlarm (e.g. user, alarm, remote trigger).

The default roles "Organization Owner", "Organization Administrator", " User" and "Support Staff" are predefined by the system and cannot be deleted. You can create any roles needed on top of them.

Click on a role to see a list of all assigned permissions. The services are displayed on the left and the permissions on the right. A black icon means the role has that permission. A gray icon means it does not have that permission.

Create new role

To create a new role, click on the "CREATE ROLE" button.

In the following window, enter a name as well as a description for the new role.

Here you can adjust whether the role, along with its permissions, should be inherited by sub-organizations. You or an authorized administrator can assign this role directly to its users.
If the role is later deleted or the inheritance is deactivated, the associated permissions will be immediately revoked from all assigned users.

Next, one or more of the displayed services need to be selected from the drop-down menu.

In addition to the services, you can select some or all the following permissions for the role:

With the plus symbol, you can add more services.

Confirm the operation with the "CREATE" button.

Edit/delete role

To edit or delete a role, click on the role in the overview and a detail view opens up. Click the green button to edit and the red button to delete.

Permission combinations

The following table lists important permission combinations that can be used within GroupAlarm. Use the following examples to correctly map the above services and permissions to your use case.


This menu is used to assign roles to users. A user can have multiple roles, but is always at least a "user", meaning they have read access to the essential properties (alarms, units, events, labels, organizations, scenarios, participants, appointments) of the organization.

To assign or remove a role from a user, click on them and select/deselect the appropriate roles from the drop-down menu.

API key

With an API key, you can link GroupAlarm to third-party systems and trigger actions within your organization.
A separate API key should be created for each external application, and it grants access to all data of one particular organization.

More detailed information about all interfaces can be found in the API documentation.

To create a new API key, enter a name and click "CREATE". At the same time, you can specify whether the key can be used for all sub-organizations.
After creation, the new key will be displayed to you once. Afterwards, it can only be regenerated, but not displayed again.

To renew a key, click on the arrow button. The secret key will be replaced and displayed to you once. The old key loses its validity immediately.

The trash can icon is used to delete a key.
Not every key can be deleted or displayed. If a key was created by an internal application, e.g. the flow service, it cannot be removed.

this role belongs to an optional extension that must be activated first.

Updated on: 28/09/2022

Was this article helpful?

Share your feedback


Thank you!