(i) The text below is only about user permissions, but it also applies to application permissions (only for Building Automation).

You can grant permissions to a user in two ways: via roles and via the user-specific permissions. A combination is also possible: the user then gets the permissions defined in the role(s) plus the user-specific permissions. The user-specific permissions tile does not show the permissions the user has because of being assigned a role.

A role includes a set of permissions. The use of roles makes it easy to give multiple users predefined sets of permissions at once. You can assign one or more roles to a user. Assign roles to users either via the Roles tab per role or via the Users tab per user.

Default roles

A default role contains a set of permissions predefined by Priva. It is not possible to change or delete a default role.

Currently, there are only two default user roles:

• Administrator
  This role includes all permissions available for your organization (depends on the subscription).
• Priva Installation Partner (only for Horticulture)
  This role includes the permissions required to install and maintain horticultural systems.

It may change which permissions are available to your organization. For instance, if your organization changes the subscription or if Priva adds or removes permissions for new/old software features. The added or removed permissions will automatically be added to or removed from the relevant default role(s). 

There are no default application roles yet.

Custom roles

You can create custom roles via the Roles tab. In a custom role you include a set of permissions that fits your organization.

Note that assigning access to locations is not included in roles.