1. Home
  2. Deployment Guides
  3. Innomesh RBAC Authorisation Guide

Innomesh RBAC Authorisation Guide

This article aims to guide all environment holders in setting up new users and managing their permissions within the Portal and Room Manager environment. It specifically addresses the implementation of the Role-Based Access Control (RBAC) feature introduced in Innomesh version 3.3.0.

To access RBAC, navigate to the Innomesh Portal and select the “Administration” option from the dropdown menu by hovering over your name in the top right corner of the page.

Hovering over your name on Portal will give you the option to select Administration

Once on the Administration page, you will need to click on “Users” from the dropdown menu under “Users” to access the RBAC options, as shown below:

Users

In the Users section, administrators have the ability to view and edit specific user roles or assign groups to users. This allows administrators to restrict a user’s access based on the predefined configurations of the assigned group.

When hovering over the right side of a user, the options for editing and deleting become visible.

Engaging in user editing within the RBAC feature.

When attempting to edit a user, you can view the following information in this section: the user’s details, including their Single Sign-On (SSO) provider and the date they initially requested an account as shown below:

User requests an account by attempting to log in with their SSO or SAML account which shows you their details in the Users list without any prior permissions.

Roles

You can edit a user’s roles by selecting from the pre-configured roles provided by your administrator.

Assigning roles to a user overrides the configured permissions of the assigned groups.

Choose your configured role permissions from the dropdown menu.

User Group

The user group dropdown option enables you to choose a specific configured group.

Choose your configured group from the dropdown menu.

User Groups

User Groups are groupings by which users can be categorised. User Groups can represent organisations, departments, and specialisations. Within the user group, you have the ability to create or delete a specific group.

Please note that the User Group section is not the location to set permissions and access within your environment. The “Roles” tab is responsible for permissions and access control.

Creating a Group

You can start the group making process by clicking “Create New” as shown in previous photo which would lead you to a window as shown below:

Roles

Roles define how much access a user has into the Innomesh Room Manager and Portal. Each Role defines a fine list of access permissions into various sections of Room Manager and Portal, as well as which campus and which User Groups’ rooms the user is allowed to access. Roles are enforced on the user when they next log in.

In this section, you can create, edit, and delete your desired roles. This is the core aspect of RBAC, empowering you to configure all permissions, including those associated with specific groups.

Creating a Role

Please avoid deleting default Innomesh roles, as these are essential for Innomate/UXT support in your environment. Modifying their permissions may impact associated staff.

To create a new role, click the “New Role” button, as shown in the previous image. This action will open a window, presenting the necessary options for configuring a role:

Creating a role named “Testing Role”

General

Within the General tab, you can manage and set up the role’s general access to the platform. Below are descriptions of each option:

User Group Resource Access

This determines which User Group’s rooms this role can access.

  • The “All” option grants users access to edit every group’s rooms.
  • With the “Own User Group” option, users can only access and edit rooms within their own user group, as demonstrated below. (eg. Testing Group for user John Smith)
  • The “Custom” option allows you to select specific user groups that you would like this role to access as shown below:

Please note that User group does not define the role/access permissions to the platform.

Site Access

Site Access determines which site this role can access. It can be set to “All” if the corresponding option is selected, or it can return an array of sites if “Custom” is chosen.

Please note that “Vitals” and “Insights” dashboards do not support site filtering at this time.

Please note that sites may not be specifically configured for your environment. If you wish to request or inquire about setting up site filters for your environment, you can contact our support team here.

Live Chat Access

Choose “Yes” or “No” based on your preferences for users with this role to access via live chat.

Room Manager

This tab allows you to configure and restrict this role to determine what users can view and edit within the Innomesh Room Manager.

Demonstrating the Room Manager tab during the creation of a role.
Administration Access

This field enables you to customise what this role can do within Innomesh’s administration section.

Permission NameIncluded in “View Only”Description
Access Administration– Administration menu
Zones – view zones– View zones
– Download zones CSV
Zones – rotate hosts– Rotate hosts
Hosts – view hosts– View hosts
– Download hosts CSV
– Launch host website
Hosts – manage hosts– Enable Space VC host
– Disable Space VC host
– Drain Space CE host (future)
View logs– View room manager logs only
– View all logs (if ip-admin-logs also enabled)
  • The “All” option allows the user to view and access all of the functions in the table above
  • The “View only” option permits users to only view the functions marked as “Included in “View Only” from the table above.
  • The “None” option restricts users from accessing the rooms tab.
  • The “Customise” option allows you to choose the specific fields that the user can view and access within the Rooms tab from the table above:
Rooms Access

This field allows you to configure the permissions for this role within the Room Manager’s “Rooms” tab.

Permission NameIncluded in “View Only”Description
View rooms– View rooms (Main Rooms tab)
– Search rooms
– Download rooms as CSV
– View “Rooms Deployed” against template (in Templates section, assuming user has “View templates” permission)
Create & delete rooms– Create new Space, Sight, Pulse room
– Delete room
– Duplicate room
– Mass create room
– Mass delete rooms
Edit room configuration– Edit existing room
– Move rooms between zones
– Update room software
– Upgrade Pulse to Sight
– Load room from file
– Update XPanel
– Update VNC
– Update web panel
– Pull update from template
– Push template update to rooms
Edit room information– Edit room information
Expose all room options– Expose all room options (for Space CE rooms)
Launch remote UI panel– Launch XPanel, VNC, Web Panel
Create & delete third-party rooms– Create third party room
– Delete third party room
Edit third-party room configurations– Edit third-party room
– Move third-party room between zones
– Update XPanel
Mass onboard UC rooms– Mass create Sight rooms for UC management (for Microsoft Teams)
  • The “All” option allows the user to view and access all of the functions in the table above
  • The “View only” option permits users to only view the functions marked as “Included in “View Only” from the table above.
  • The “None” option restricts users from accessing the rooms tab.
  • The “Customise” option allows you to choose the specific fields that the user can view and access within the Rooms tab from the table above:
Templates Access

This field allows you to configure the permissions for this role within the Room Manager’s “Templates” tab.

Permission NameIncluded in “View Only”Description
Create & delete third-party Template– Create third party template
– Delete third party template
Edit third-party template configurations– Edit third-party template
– Move third-party template between zones
– Update XPanel
View templates– View templates
– Download templates as CSV
– View Template via “Template Name” link (in Rooms section)
Create & delete templates– Create new template
– Delete template
– Duplicate template
– Mass delete templates
Edit template configuration– Edit existing template
– Update template software
– Update XPanel
– Update VNC
– Update web panel
– Load template from file
– Room state mapping (for Sight templates)
Edit information template association– Update Information Template
Edit template room options– Update Room Options
  • The “All” option allows the user to view and access all of the functions in the table above
  • The “View only” option permits users to only view the functions marked as “Included in “View Only” from the table above.
  • The “None” option restricts users from accessing the rooms tab.
  • The “Customise” option allows you to choose the specific fields that the user can view and access within the Rooms tab from the table above:

Portal

This tab enables you to define and limit the role’s scope in terms of what users can view and accomplish within the Innomesh Portal

Hotlist Access

This field allows you to configure the permissions for this role within the Portal’s “Hotlist” tab.

Permission NameIncluded in “View Only”Description
View Hotlist– View hotlist
– Search hotlist
– Filter hotlist
– Sort hotlist
– Hotlist group by room
View “Critical” severity alerts– Hotlist “critical” severity alert tab
View “High” severity alerts– Hotlist “high” severity alert tab
View “Medium” severity alerts– Hotlist “medium” severity alert tab
View “Low” severity alerts– Hotlist “low” severity alert tab
View “Notice” severity alerts– Hotlist “notice” severity alert tab
View “Suppressed” severity alerts– Hotlist “suppressed” severity alert tab
Claim alerts– Claim alert
– Mass claim alerts
– Update alerts (add alert notes)
– Mass add alert notes
Manage alerts– Assign alert
– Mass assign alerts
– Create ticket
– Resolve alert
– Mass resolve alerts (future)
– Set alert as non-SLA
– Suppress alert
– Manage Suppressed Alert rules
– View alert history
  • The “All” option allows the user to view and access all of the functions in the table above
  • The “View only” option permits users to only view the functions marked as “Included in “View Only” from the table above.
  • The “None” option restricts users from accessing the rooms tab.
  • The “Customise” option allows you to choose the specific fields that the user can view and access within the Rooms tab from the table above:
Vitals Dashboard Access

This field allows you to configure the permissions for this role within the Portal’s “Vitals Dashboard” tab.

Permission NameIncluded in “View Only”Description
View Vitals Infrastructure dashboard– View Vitals Infrastructure dashboard
View Vitals Rooms dashboard– View Vitals Rooms dashboard
View Vitals Network dashboard– View Vitals Network dashboard
View Vitals Pulse dashboard– View Vitals Pulse dashboard
View Vitals Sight dashboard– View Vitals Sight dashboard
View Vitals Compliance dashboard– View Vitals Compliance dashboard
View Vitals VNOC dashboard– View Vitals VNOC dashboard
View Vitals Custom dashboard– View Vitals Custom dashboard
  • The “All” option allows the user to view and access all of the functions in the table above
  • The “View only” option permits users to only view the functions marked as “Included in “View Only” from the table above.
  • The “None” option restricts users from accessing the rooms tab.
  • The “Customise” option allows you to choose the specific fields that the user can view and access within the Rooms tab from the table above:
Room Management Access

This field allows you to configure the permissions for this role within the Portal’s “Rooms” tab.

Permission NameIncluded in “View Only”Description
View rooms– View Rooms page
– View Rooms Live Info
– View Rooms Insights
– Sort Rooms
– Filter Rooms
– “Show Room” link (from Assets page)
Manage rooms– Set Maintenance
– Trigger Room Operations
Launch remote UI panel– Launch XPanel
– Launch VNC
– Launch Web Panel
  • The “All” option allows the user to view and access all of the functions in the table above
  • The “View only” option permits users to only view the functions marked as “Included in “View Only” from the table above.
  • The “None” option restricts users from accessing the rooms tab.
  • The “Customise” option allows you to choose the specific fields that the user can view and access within the Rooms tab from the table above:
Room Information Access

This field allows you to configure the permissions for this role within the Portal’s “Information” tab.

Permission NameIncluded in “View Only”Description
View room information– View Room Information page
– Search Room Information
– Sort Room Information
– Download Room Information CSV
Edit room information– Toggle Edit Mode
– Toggle Mass Edit Mode
– Save Edits
– Discard Edits
  • The “All” option allows the user to view and access all of the functions in the table above
  • The “View only” option permits users to only view the functions marked as “Included in “View Only” from the table above.
  • The “None” option restricts users from accessing the rooms tab.
  • The “Customise” option allows you to choose the specific fields that the user can view and access within the Rooms tab from the table above:
Insights Dashboard Access

This field allows you to configure the permissions for this role within the Portal’s “Insights Dashboard” tab.

Permission NameIncluded in “View Only”Description
View “Rooms” dashboard– View Insights Rooms dashboard
View “Usage” dashboard– View Insights Usage dashboard
View “Alerts” dashboard– View Insights Alerts dashboard
View “Proactive Support” dashboard– View Insights Proactive Support dashboard
View “Consumption” dashboard– View Insights Consumption dashboard
View “Sight” dashboard– View Insights Sight dashboard
View “Ops” dashboard– View Insights Ops dashboard
View “Custom” dashboard– View Insights Custom dashboard
  • The “All” option allows the user to view and access all of the functions in the table above
  • The “View only” option permits users to only view the functions marked as “Included in “View Only” from the table above.
  • The “None” option restricts users from accessing the rooms tab.
  • The “Customise” option allows you to choose the specific fields that the user can view and access within the Rooms tab from the table above:
Asset Management Access

This field allows you to configure the permissions for this role within the Portal’s “Assets” tab.

Permission NameIncluded in “View Only”Description
View assets– View Assets page
– View Asset details
– View Asset live info
– Sort Assets
– Filter Assets
– Customise Asset view
– Download Assets CSV
– View room assets (from Rooms page)
– View hotlist alert asset (link from hotlist alert details view)
Manage assets– Edit Asset Details
Perform asset operations– Trigger Asset Operations
– Mass Trigger Asset Operations
– Filter by Operations
  • The “All” option allows the user to view and access all of the functions in the table above
  • The “View only” option permits users to only view the functions marked as “Included in “View Only” from the table above.
  • The “None” option restricts users from accessing the rooms tab.
  • The “Customise” option allows you to choose the specific fields that the user can view and access within the Rooms tab from the table above:
Administration Access

This field allows you to configure the permissions for this role within the Portal’s “Administration” section.

Permission NameIncluded in “View Only”Description
Access administration– Administration menu
Trigger “Change Mode”– Change Mode page access
– Change Mode trigger
Manage assets & asset profiles– Asset profiles
– Asset driver management
– Asset compliance management
– Custom asset fields
– Asset operations update and file management
– Asset operations schedule (future)
– Asset campaigns (future)
View logs– View room manager logs only
– View all logs (if ip-admin-logs also enabled)
Manage Users– Update User
– Delete User
Manage Roles– Create Role
– Update Role
– Delete Role
– Create User Group
– Update User Group
– Delete User Group
– Update SAML Roles
– Delete SAML Roles
Manage Smart Room Attributes– Manage Smart Room Attributes
View data import / export configurations– View data import configurations
– View data export configurations
Edit data import / export configurations– Create data import configurations
– Create data export configurations
– Edit data import configurations
– Edit data export configurations
– Duplicate data import configurations
– Duplicate data export configurations
– Delete data import configurations
– Delete data export configurations
Manage Summary Views– Create Summary View
– Edit Summary View
– Duplicate Summary View
– Delete Summary View
  • The “All” option allows the user to view and access all of the functions in the table above
  • The “View only” option permits users to only view the functions marked as “Included in “View Only” from the table above.
  • The “None” option restricts users from accessing the rooms tab.
  • The “Customise” option allows you to choose the specific fields that the user can view and access within the Rooms tab from the table above:

Feel free to reach out to Support Team if you have any questions or inquiries regarding the setup of specific roles within your environment.

Related Articles