Overview
The Innomesh Role-Based Access Control (RBAC) system allows administrators to manage user permissions across the Portal and Room Manager environments through roles and user groups. Introduced in version 3.3.0, RBAC provides granular control over which features each user can access, ensuring that team members only see and interact with the areas relevant to their responsibilities.
Users
The Users section displays all registered users in your Innomesh tenancy. Administrators can view and edit user roles or assign groups to users from this page. User details include their SSO provider, account request date, and currently assigned role.
To edit a user’s role or group:
- Navigate to Administration > Users.
- Locate the user in the list.
- Click the user row to open the edit panel.
- Select the desired Role and User Group from the dropdowns.
- Save the changes.
Role changes are enforced when the user next logs in.
❗ Important
Assigning a role to a user overrides the configured permissions of any assigned user groups.
User Groups
User Groups categorise users by organisation, department, or specialisation. Groups serve an organisational purpose and are used for resource access scoping (see the General Tab section below), but they do not directly set permissions.
❗ Important
The User Group section is not the location to set permissions and access within your environment. Use the Roles section for access control.
To create a user group:
- Navigate to Administration > Users > User Groups.
- Click Add Group.
- Enter the group name and description.
- Save the group.
Roles
Roles define the specific access levels a user has across both Room Manager and Portal. Each role is configured through a set of tabs that control different aspects of the platform.
📝 Note
Avoid deleting the default Innomesh roles, as these support core organisational operations.
General Tab
The General tab configures broad access parameters for the role:
| Setting | Options | Description |
|---|---|---|
| User Group Resource Access | All, Own User Group, Custom | Controls which user groups’ resources the role can access. “Own User Group” restricts visibility to resources belonging to the user’s group. “Custom” allows selecting specific groups. |
| Site Access | All sites or Custom | Restricts the role to specific sites or zones. Useful for regional teams who should only manage rooms in their area. |
| Live Chat Access | Enabled / Disabled | Controls whether users with this role can access the live chat support feature. |
📝 Note
Vitals and Insights dashboards do not support site filtering at this time.
Room Manager Tab
The Room Manager tab defines access to Room Manager features. Each access area supports the four permission levels described below.
Administration Access
| Permission | Included in “View Only” | Description |
|---|---|---|
| Access Administration | Yes | Administration menu |
| Zones – view zones | Yes | View zones; download zones CSV |
| Zones – rotate hosts | No | Rotate hosts |
| Hosts – view hosts | Yes | View hosts; download hosts CSV; launch host website |
| Hosts – manage hosts | No | Enable Space VC host; disable Space VC host; drain Space CE host (future) |
| View logs | Yes | View room manager logs only; view all logs (if ip-admin-logs also enabled) |
Rooms Access
| Permission | Included in “View Only” | Description |
|---|---|---|
| View rooms | Yes | View rooms (main Rooms tab); search, download rooms as CSV; view “Rooms Deployed” against template |
| Create & delete rooms | No | Create new Space/Sight/Pulse rooms; delete, duplicate, mass create, mass delete rooms |
| Edit room configuration | No | Edit existing room; move rooms between zones; update room software; upgrade Pulse to Sight; load room from file; update XPanel, VNC, web panel; pull/push template updates |
| Edit room information | No | Edit room information |
| Expose all room options | No | Expose all room options (for Space CE rooms) |
| Launch remote UI panel | Yes | Launch XPanel, VNC, Web Panel |
| Create & delete third-party rooms | No | Create or delete third-party room |
| Edit third-party room configurations | No | Edit third-party room; move between zones; update XPanel |
| Mass onboard UC rooms | No | Mass create Sight rooms for UC management (Microsoft Teams) |
Templates Access
| Permission | Included in “View Only” | Description |
|---|---|---|
| View templates | Yes | View templates; download as CSV; view template via “Template Name” link |
| Create & delete templates | No | Create, delete, duplicate, or mass delete templates |
| Edit template configuration | No | Edit existing template; update software, XPanel, VNC, web panel; load from file; room state mapping (Sight templates) |
| Edit information template association | No | Update information template |
| Edit template room options | No | Update room options |
| Create & delete third-party Template | No | Create or delete third-party template |
| Edit third-party template configurations | No | Edit third-party template; move between zones; update XPanel |
Portal Tab
The Portal tab defines access to Portal features.
Hotlist Access
| Permission | Included in “View Only” | Description |
|---|---|---|
| View Hotlist | Yes | View, search, filter, sort Hotlist; group by room |
| View “Critical” severity alerts | Yes | Critical alert tab |
| View “High” severity alerts | Yes | High alert tab |
| View “Medium” severity alerts | Yes | Medium alert tab |
| View “Low” severity alerts | Yes | Low alert tab |
| View “Notice” severity alerts | Yes | Notice alert tab |
| View “Suppressed” severity alerts | Yes | Suppressed alert tab |
| Claim alerts | No | Claim, mass claim, update alerts; add alert notes (including mass) |
| Manage alerts | No | Assign, mass assign, create ticket, resolve, mass resolve (future), set non-SLA, suppress; manage suppression rules; view alert history |
Vitals Dashboard Access
| Permission | Included in “View Only” | Description |
|---|---|---|
| View Vitals Infrastructure dashboard | Yes | Infrastructure dashboard |
| View Vitals Rooms dashboard | Yes | Rooms dashboard |
| View Vitals Network dashboard | Yes | Network dashboard |
| View Vitals Pulse dashboard | Yes | Pulse dashboard |
| View Vitals Sight dashboard | Yes | Sight dashboard |
| View Vitals Compliance dashboard | Yes | Compliance dashboard |
| View Vitals VNOC dashboard | Yes | VNOC dashboard |
| View Vitals Custom dashboard | Yes | Custom dashboard |
Room Management Access
| Permission | Included in “View Only” | Description |
|---|---|---|
| View rooms | Yes | View Rooms page, Live Info, Insights; sort, filter; “Show Room” link from Assets |
| Manage rooms | No | Set Maintenance; trigger room operations |
| Launch remote UI panel | No | Launch XPanel, VNC, Web Panel |
Room Information Access
| Permission | Included in “View Only” | Description |
|---|---|---|
| View room information | Yes | View, search, sort Room Information; download CSV |
| Edit room information | No | Toggle edit mode and mass edit mode; save or discard edits |
Insights Dashboard Access
| Permission | Included in “View Only” | Description |
|---|---|---|
| View “Rooms” dashboard | Yes | Rooms dashboard |
| View “Usage” dashboard | Yes | Usage dashboard |
| View “Alerts” dashboard | Yes | Alerts dashboard |
| View “Proactive Support” dashboard | Yes | Proactive Support dashboard |
| View “Consumption” dashboard | Yes | Consumption dashboard |
| View “Sight” dashboard | Yes | Sight dashboard |
| View “Ops” dashboard | Yes | Ops dashboard |
| View “Custom” dashboard | Yes | Custom dashboard |
Asset Management Access
| Permission | Included in “View Only” | Description |
|---|---|---|
| View assets | Yes | View Assets page, asset details, live info; sort, filter, customise view; download CSV; view room assets and Hotlist alert asset |
| Manage assets | No | Edit asset details |
| Perform asset operations | No | Trigger asset operations (including mass); filter by operations |
Administration Access
| Permission | Included in “View Only” | Description |
|---|---|---|
| Access administration | Yes | Administration menu |
| Trigger “Change Mode” | No | Change Mode page access and trigger |
| Manage assets & asset profiles | No | Asset profiles; driver, compliance, and custom fields management; asset operations update and file management; operations schedule (future); campaigns (future) |
| View logs | Yes | View room manager logs only; view all logs (if ip-admin-logs also enabled) |
| Manage Users | No | Update or delete user |
| Manage Roles | No | Create, update, or delete role, user group, or SAML role |
| Manage Smart Room Attributes | No | Manage Smart Room Attributes |
| View data import / export configurations | Yes | View data import and export configurations |
| Edit data import / export configurations | No | Create, edit, duplicate, or delete data import and export configurations |
| Manage Summary Views | No | Create, edit, duplicate, or delete Summary Views |
Permission Levels
Each access area within a role offers four permission levels:
| Level | Description |
|---|---|
| All | Full access to all functions within the area |
| View Only | Read-only access; the user can see data but cannot make changes |
| None | No access; the section is hidden from the user |
| Customise | Select specific individual permissions within the area |
When Customise is selected, a list of granular permissions appears. Toggle each permission on or off to tailor access to the exact requirements of the role.
Best Practices
- Start with the default roles and create copies for customisation rather than modifying the originals.
- Use User Group Resource Access to scope data visibility. For example, a regional operations team should only see rooms belonging to their user group.
- Apply the principle of least privilege by granting only the permissions each role requires.
- Review roles periodically to ensure they still align with team responsibilities, especially after organisational changes.
- Document custom roles internally so that new administrators understand the purpose of each role and its intended audience.