🛡️ Roles and Access Levels
Roles and access levels form the foundation of security in GCXONE. Understanding how these layers interact is essential for properly configuring your team's access.
What Are Roles?
A Role is a template that defines which features a user can access and what actions (View, Create, Edit, Delete) they can perform within those features.
Default Role Types
Full access. Can manage every setting in the platform, including role creation and tenant-wide configurations.
- Use Case: IT Directors or Platform Owners.
Access Levels (Scope)
While a Role defines what you can do, an Access Level defines how broad your view is.
| Access Level | Visible Scope | Primary Use Case |
|---|---|---|
| Service Provider | The entire Tenant (all clients & sites). | Internal support and platform admins. |
| Customer | A specific organization and its sites. | Client-side security managers. |
| Site | Only specific physical locations. | On-site technicians or store managers. |
Roles vs. Access Levels vs. Customer Groups
It's common to confuse these three types of "Filtering." Here is the breakdown:
- Role: What features are available? (Permissions)
- Access Level: How broad is the hierarchy view? (Scope)
- Customer Group: Which specific customers are visible? (Filter)
Example Scenario
An Operator (Role) at the Customer level (Access Level) assigned to the "London Sites" (Customer Group) will see only the monitoring tools for London-based clients.
Permissions Tiering
Permissions are enforced at three distinct levels:
- App Level: Which apps show up in the sidebar (Dashboard, Monitoring, Config).
- Category Level: Which sections are visible within an app (Devices, Users, Alarms).
- Action Level: Whether a user can View, Create, Edit, or Delete a specific item.