This article explains how Role-Based Access Control works within Organization management.
Important: This article is valid for Enterprise users who already belong to an Organization.
IN THIS ARTICLES
Role-Based Access Control on resources
Access type on resources
How to invite members to resources
How to upgrade roles inside resources
How to remove Members from resources
How to remove Members from the Organization portal permanently
In terms of role-based access control in Organizational management, a Member is understood as a person who does not have an Organizational role. Their access level is limited to specific resources (folder, site, or dataset) to which they are invited within the Organization.
Warning: Members will not have access to Mission Planner and PIX4Dcapture Pro.
Role-Base Access Control on resources
There are two types of roles within an Organization: Organization-level roles and Role-Based Access Control-level in resources.
There are some ways in which Organization roles and Role-Based Access Control-level roles differ:
- Unlike Organizational roles, the highest role assigned within role-based access control is Manager.
- Organization users have always been granted access to all resources, but Members can only access the resources they are invited to.
- At the Organization level, user roles can be upgraded or downgraded indistinctly. However, at the Role-Based Access Control level, only the role assigned to a Member can be upgraded inside the folder hierarchy.
The current state comprises different roles at the Role-Based Access Control level:
- Manager: Full access to resource(s) and can manage Members.
- Editor: Can save measurements and create new folders, sites, and datasets.
- Reader: Can view folders, sites, and datasets without creation and edit rights.
Access type on resources
Inherited Organizational Access: Access inherited by the user's role within the Organization.
Access for these users cannot be deleted from resources. Access for these users must be managed or removed through the User management under the Organization management portal.
Member at the Organization Level (Direct access): Members have been granted access to a specific resource via Role-Based Access Control.
From the Resource Access Management window, it is possible to increase or decrease the role of a member from the dropdown on that resource.
Member at the Organization Level (Inherit access): Members have been granted access to a different resource within the tree folder, and their inherited role on the current resource comes from a parent folder.
From the Resource Access Management window, it is possible to increase the role of a member from the dropdown on that resource.
The following graphic shows the relationship of Organization level roles and role inheritances to Role-Base Access Control in PIX4Dcloud Drive.
The table explains access to different resources based on the user's role at the Organization and Role-Base Access Control levels. It also shows whether roles can be upgraded or downgraded.
* Users invited to PIX4Dcloud Drive resources with direct access roles will automatically become Members of the organization if they are not already.
** If a resource has child items organized in a tree structure, any user with a direct access role on the parent resource will automatically have that same role inherited for the child items.
How to invite members to resources
- Navigate to the folder, site, or dataset in Drive.
- Click on the three-dot menu on the folder, site, or dataset.
- Click Invite.
- In Invite People, enter the email(s) of the Member(s) you want to invite to that resource and assign the roles.
- Click Send invitation.
Note:
- If the Member you are inviting does not yet belong to the Organization, then the person will receive a notification email where they have to click Accept invitation.
- If the Member you are inviting does not yet have a Pix4D account, then they will have to choose the account creation. For more information, Sign-up, login and logout - PIX4Dcloud.
- If the Member you are inviting does not yet have a Pix4D account, then they will have to choose the account creation. For more information, Sign-up, login and logout - PIX4Dcloud.
- If the Member already belongs to the Organization, then they will receive an email specifying the resource they have been invited to and the role they will have in it.
In Pending invitation, only invitations will be displayed to people who are not yet Members of the Organization.
How to upgrade roles inside resources
The steps to upgrade roles in resources are:
- Navigate to the folder, site, or dataset in Drive.
- Click on the three dots menu on the folder, Site, or dataset.
- Click Invite.
- Under User with Access, click the drop-down menu next to the email of the Member whose role should upgraded.
Important:
- A Manager or Owner can increase the specific role in resources for those inherited Organizational roles of Editor or Readers.
- If a higher role is granted via this Role-Based Access Control level, the access type color changes to blue, indicating direct access to that specific resource, which differs from the Organizational role.
How to remove Members from resources
Members can only be removed from the resource they were invited to, and all inherited resource permissions will also be removed.
- Navigate to the folder, site, or dataset in Drive.
- Click on the three-dot menu on the folder, site, or dataset.
- Click Invite.
- Under User with Access, click the trash icon.
How to remove Members from the Organization portal permanently
Warning:
- Only Owners and Managers at the Organization level can permanently delete a Member.
- Removing a Member means that any access they had to Organization resources is removed.
To delete permanently Members from the Organization:
- Navigate to the folder, site, or dataset in Drive.
- Click Invite.
- Click Organization Portal.
- Under User management, click the checkbox associated with the Member email that will be removed from the Organization.
- (Optional) More than one Member can be removed from the Organization simultaneously.
- Click Remove people.
