Related articles:
| Organization management - overview | Team Access Control on resources | Team Access Control on licenses |
Access:
- A Team Access Control license is required. To request a license, please contact Sales.
- Log in with Pix4D credentials at https://account.pix4d.com/home.
IN THIS ARTICLE
Team Access Control on resources
Access type on resources
How to invite members to resources
How to upgrade roles inside resources
How to remove Members from resources
How to remove Members from the Organization portal permanently
In terms of Team Access Control in Organizational management, a Member is understood as a person who does not have an Organizational role. Their access level is limited to specific resources (folder, site, or dataset) to which they are invited within the Organization.
Information: This functionality is only available for PIX4Dcloud Teams and PIX4Dcloud Enterprise customers.
Team Access Control on resources
There are two types of roles within an Organization: Organization-level roles and Team Access Control-level in resources.
There are some ways in which Organization roles and Team Access Control-level roles differ:
- Unlike Organizational roles, the highest role assigned within Team Access Control is Manager.
- Organization users have always been granted access to all resources, but Members can only access the resources to which they are invited.
- Organization-Level Roles and RBAC Inheritance:
- Organization-level roles (except for the Member role) are inherited by Team Access Control (TAC). When operating within the folder hierarchy, only upgrades to these inherited organizational user roles are permitted, and this capability is exclusive to Cloud Drive resources. Downgrades of these specific roles are not allowed in this context.
- Member role access: The Member role within the organization allows an individual to be invited to collaborate on a specific Cloud Drive resource. Without such an invitation on a particular resource, a Member is not granted access to anything. Once invited, the access is provided directly on that resource. For this "Member" role, the access level can be both upgraded or downgraded as required by a Manager, and these modifications are performed within the Cloud Drive specifically via Team Access Control.
The current state comprises different roles at the Team Access Control level:
- Manager: Full access to resource(s) and can manage Members.
- Editor: Can save measurements and create new folders, sites, and datasets.
- Reader: Can view folders, sites, and datasets without creation and edit rights.
Access type on resources
Inherited Organizational Access: (Owner, Manager, Editor, or Reader):
Access is automatically granted to existing users based on their organizational role. Individual resource access cannot be revoked for these users. To modify or remove this global organizational access, an Owner or Manager must update the user's role in the Organization Management portal.
Direct Access: (Granting Access to the Member role or Upgrading Access to Inherited Organizational Roles)
Direct access allows you to grant specific Member users access to resources or enhance existing users with Inherited Organizational Role access. Users with Owner or Manager access at the resource level can invite others and grant them collaborative Direct Access with any access role type (Manager, Editor, or Reader).
- Members at the organization level: These users can only be granted access to specific resources directly through the Cloud user interface, with an assigned Direct access role.
- Users with Inherited Organizational Role Access (Editor or Reader): Their access permissions for a specific resource can be upgraded via the Cloud’s Resource Access Management page for that resource.
Important: While inherited organizational roles can be upgraded for a specific resource, they can never be downgraded. For instance, an Editor at the organizational level can be granted Manager Direct access to a particular resource, but cannot be downgraded to Reader for that same resource.
Inherited Access from Parent Resource: This access type originates from a parent folder where Direct Access was granted to the user. It extends to all resources within that folder. To modify this access, changes must be applied at the parent folder level where the Direct Access was initially established.
How to invite members to resources
- Navigate to the folder, site, or dataset in Drive.
- Click on the three-dot menu on the folder, site, or dataset.
- Click Invite.
- In Invite People, enter the email(s) of the Member(s) you want to invite to that resource and assign the roles.
- Click Send invitation.
Note:
- If the Member you are inviting does not yet belong to the Organization, then the person will receive a notification email where they have to click Accept invitation.
- If the Member you are inviting does not yet have a Pix4D account, then they will have to choose the account creation. For more information, Sign-up, login and logout - PIX4Dcloud.
- If the Member you are inviting does not yet have a Pix4D account, then they will have to choose the account creation. For more information, Sign-up, login and logout - PIX4Dcloud.
- If the Member already belongs to the Organization, then they will receive an email specifying the resource they have been invited to and the role they will have in it.
In Pending invitation, only invitations will be displayed to people who are not yet Members of the Organization.
How to upgrade roles inside resources
The steps to upgrade roles in resources are:
- Navigate to the folder, site, or dataset in Drive.
- Click on the three dots menu on the folder, Site, or dataset.
- Click Invite.
- Under User with Access, click the drop-down menu next to the email of the Member whose role should upgraded.
Important:
- A Manager or Owner can increase the specific role in resources for those inherited Organizational roles of Editor or Readers.
- If a higher role is granted via this Team Access Control level, the access type color changes to blue, indicating direct access to that specific resource, which differs from the Organizational role.
How to remove Members from resources
Members can only be removed from the resource they were invited to, and all inherited resource permissions will also be removed.
- Navigate to the folder, site, or dataset in Drive.
- Click on the three-dot menu on the folder, site, or dataset.
- Click Invite.
- Under User with Access, click the trash icon.
How to remove Members from the Organization portal permanently
Warning:
- Only Owners and Managers at the Organization level can permanently delete a Member.
- Removing a Member means that any access they had to Organization resources is removed.
To delete permanently Members from the Organization:
- Navigate to the folder, site, or dataset in Drive.
- Click Invite.
- Click Organization Portal.
- Under User management, click the checkbox associated with the Member email that will be removed from the Organization.
- (Optional) More than one Member can be removed from the Organization simultaneously.
- Click Remove people.
