Skip to content
English
  • There are no suggestions because the search field is empty.

Role-Based Access Control in the Organization management

This article explains how Role-Based Access Control works within Organization management.

Important: This article is valid for Enterprise users who already belong to an Organization.

In terms of role-based access control in Organizational management, a Member is understood as a person who does not have an Organizational role. Their access level is limited to specific resources (folder, site, or dataset) to which they are invited within the Organization.

Warning: Members will not have access to Mission Planner and PIX4Dcapture Pro.

Role-Base Access Control on resources

There are two types of roles within an Organization: Organization-level roles and Role-Based Access Control-level in resources.

There are some ways in which Organization roles and Role-Based Access Control-level roles differ:

  • Unlike Organizational roles, the highest role assigned within role-based access control is Manager.
  • Organization users have always been granted access to all resources, but Members can only access the resources they are invited to.
  • Organization-Level Roles and RBAC Inheritance: 
    • Organization-level roles (except for the Member role) are inherited by Role-Based Access Control (RBAC). When operating within the folder hierarchy, only upgrades to these inherited organizational user roles are permitted, and this capability is exclusive to Cloud Drive resources. Downgrades of these specific roles are not allowed in this context.
    • Member role access: The Member role within the organization allows an individual to be invited to collaborate on a specific Cloud Drive resource. Without such an invitation on a particular resource, a Member is not granted access to anything. Once invited, the access is provided directly on that resource. For this "Member" role, the access level can be both upgraded or downgraded as required by a Manager, and these modifications are performed within the Cloud Drive specifically via RBAC.

The current state comprises different roles at the Role-Based Access Control level:

  • Manager: Full access to resource(s) and can manage Members.
  • Editor: Can save measurements and create new folders, sites, and datasets.
  • Reader: Can view folders, sites, and datasets without creation and edit rights.

Access type on resources

HE Inherited Organizational Access: Access inherited by the user's role within the Organization.

Access for these users cannot be deleted from resources. Access for these users must be managed or removed through the User management under the Organization management portal. 

DT Member at the Organization Level (Direct access): Members have been granted access to a specific resource via Role-Based Access Control.

From the Resource Access Management window, it is possible to increase or decrease the role of a member from the dropdown on that resource.

DP Member at the Organization Level (Inherit access): Members have been granted access to a different resource within the tree folder, and their inherited role on the current resource comes from a parent folder.

From the Resource Access Management window, it is possible to increase the role of a member from the dropdown on that resource.

The following graphic shows the relationship of Organization level roles and role inheritances to Role-Base Access Control in PIX4Dcloud Drive.

Cloud_Drive organization_V3

How to invite members to resources

  1. Navigate to the folder, site, or dataset in Drive.
  2. Click on the three-dot menu on the folder, site, or dataset.
    project drive
  3. Click Invite.
  4. In Invite People, enter the email(s) of the Member(s) you want to invite to that resource and assign the roles.
    Invite member portal
  5. Click Send invitation.

Note:

  • If the Member you are inviting does not yet belong to the Organization, then the person will receive a notification email where they have to click Accept invitation.
  • If the Member already belongs to the Organization, then they will receive an email specifying the resource they have been invited to and the role they will have in it.
    Invite editor Org

In Pending invitation, only invitations will be displayed to people who are not yet Members of the Organization.

How to upgrade roles inside resources

The steps to upgrade roles in resources are:

  1. Navigate to the folder, site, or dataset in Drive.
  2. Click on the three dots menu on the folder, Site, or dataset.
  3. Click Invite.
  4. Under User with Access, click the drop-down menu next to the email of the Member whose role should upgraded.
    Users with access

Important:

  • A Manager or Owner can increase the specific role in resources for those inherited Organizational roles of Editor or Readers.
  • If a higher role is granted via this Role-Based Access Control level, the access type color changes to blue, indicating direct access to that specific resource, which differs from the Organizational role.

How to remove Members from resources

Members can only be removed from the resource they were invited to, and all inherited resource permissions will also be removed.

  1. Navigate to the folder, site, or dataset in Drive.
  2. Click on the three-dot menu on the folder, site, or dataset.
  3. Click Invite.
  4. Under User with Access, click the trash icon. 

How to remove Members from the Organization portal permanently

Warning

  • Only Owners and Managers at the Organization level can permanently delete a Member.
  • Removing a Member means that any access they had to Organization resources is removed.

To delete permanently Members from the Organization:

  1. Navigate to the folder, site, or dataset in Drive.
  2. Click Invite.
  3. Click Organization Portal.
    Organization portal
  4. Under User management, click the checkbox associated with the Member email that will be removed from the Organization.
  5. (Optional) More than one Member can be removed from the Organization simultaneously.
  6. Click Remove people.
    delete a member