Roles and Access Levels
Roles and access levels form the foundation of security in GCXONE. Understanding how these layers interact is essential for properly configuring your team's access.
What Are Roles?
Roles define what users can see and do within the platform. Each role contains a set of privileges (permissions) that determine access to specific features and sections of the application.
A Role is a template that defines which features a user can access and what actions (View, Create, Edit, Delete) they can perform within those features.
Default Role Types
GCXONE provides default roles with predefined permissions, and you can create custom roles to fit specific operational needs:
Company Admin
Full access to all features and settings, including configuring settings for all types of users.
Use Case: IT Directors, Platform Owners, or System Administrators who need complete control over the platform.
Permissions:
- Full access to all applications and features
- Can create and manage roles
- Can configure system-wide settings
- Can invite and manage all users
- Can access all customers and sites
Manager
Supervises operators with permissions to view most objects but limited access to settings.
Use Case: Operations managers, team leads, or supervisors who need oversight capabilities without full administrative access.
Permissions:
- Can view most objects in the platform
- Can run reports and analytics
- Can manage workflows and schedules
- Limited access to system configuration
- Cannot invite users or edit global alarm settings
- Cannot modify roles
Operator
Focuses on day-to-day operational access for monitoring and alarm processing.
Use Case: Daily security desk staff, monitoring center operators, or front-line personnel who handle alarms and surveillance.
Permissions:
- Access to all interface pages for viewing
- Can process alarms and events
- Can view live video feeds
- Can manage devices and cameras (view/edit)
- Can create and edit objects required by workflows (e.g., schedule entries)
- Cannot create or manage major system objects
- Cannot modify system settings
Operator Minimal
Limited view permissions, strictly for processing alarms.
Use Case: Dedicated alarm response personnel who only need to process alarms without full monitoring capabilities.
Permissions:
- Access to limited number of interface pages
- Focus on alarm processing capabilities
- Can create and edit objects required by workflows
- Most restricted default role
End User
Custom role with limited access for customers to view and control their own sites.
Use Case: Client-side personnel needing basic site interaction.
Access Levels Explained
Every role operates at one of three access levels that determine the scope of what users can see and manage within the GCXONE hierarchy:
Hierarchy: Tenant to Customer to Site to Device to Sensor
| Access Level | Description | Use Case |
|---|---|---|
| Service Provider | Access across the entire tenant, including all customers and sites | Platform administrators who manage the entire organization |
| Customer | Access limited to specific customer account(s) and their associated sites | Account managers or operators who work with specific customers |
| Site | Access limited to specific physical locations only | Installers or technicians who work at particular sites |
Key Point: A Customer can have multiple sites under it. The access level determines the boundary of what a user can see and manage within the hierarchy.
Roles vs. Access Levels vs. Customer Groups
It's common to confuse these three types of filtering. Here is the breakdown:
- Role: What features are available? (Permissions)
- Access Level: How broad is the hierarchy view? (Scope)
- Customer Group: Which specific customers are visible? (Filter)
Example Scenario
An Operator (Role) at the Customer level (Access Level) assigned to the "London Sites" (Customer Group) will see only the monitoring tools for London-based clients.
Permissions Tiering
Permissions are enforced at three distinct levels:
- App Level: Which apps show up in the sidebar (Dashboard, Monitoring, Config).
- Category Level: Which sections are visible within an app (Devices, Users, Alarms).
- Action Level: Whether a user can View, Create, Edit, or Delete a specific item.
Related Articles
Related Articles
Next: