Kisi news | Kisi vision
December 28, 2022
Kisi news | Kisi features
New user roles in Kisi allow you to share more granular access rights, so you only assign permissions that users really need.
2 min reading time
We have listened to feedback from our most active users and are now introducing more granular access rights based on roles. As organizations grow larger with tens of places and hundreds of groups, assigning users just the access rights they need becomes more and more important to protect both admins and users from malicious or unintended privilege escalations.
We’ve redesigned user roles following the ‘Principle of least privilege.’ This basic information security concept states that every part of a system must be able to access only the resources necessary to perform its task. Or in Kisi terms, this means that users’ access rights are limited to the minimum of what they need.
To achieve this, we’ve created place-scoped resources, such as place groups. Now, we allow assigning roles on three different levels: organization, place, and group level:
1) Organization level roles allow you to share more granular access rights for resources that affect your entire Kisi organization. For example, a user can have the permission to perform auditing and reporting tasks, but not unlock doors and share access.
2) Place level roles allow you to manage facilities separately while maintaining a unified user list. For example, a Place Administrator at a warehouse will not be able to share access to the headquarters, even though both buildings are part of the same organization.
3) Group level roles only allow users to operate on the resources of a specific group. A Group Manager can create and delete Access links only for that specific group where they hold this right.
For a more comprehensive list of roles and permissions, please visit our documentation page.
Shoot us an email and let us know which roles-related feature you’d like to see in Kisi. We’d be delighted to hear from you.
Product documentation writer with a passion to translate technical features into customer value.
Enable cookies to help us improve your experience.