This section describes how permissions are structured in your instance.
For information on how to change the setting of your instance refer to Configuring Your Instance.
For information on managing users refer to Managing Users
For information on managing user groups refer to Managing User Groups
Permissions are organized into groups in a hierarchy structure. Rather than assigning permissions to each user individually, users are grouped together, and then permissions are allocated to the group. The extent of the permissions provided will be based on the roles assigned within that group.
Groups
A group can consist of several subgroups, which can also contain their own subgroups.
Users can be assigned to multiple groups on different levels. They have to be added manually to each group and/or subgroup.
NavVis IVION comes with a default list of groups, which you can edit in User Management > Groups.
Each default group has a name and a set of permissions applied to it. The permissions control what kind of content members of the group can create, view, and publish. You can edit the permissions of a group via User Management > Groups.
If a user is in the Editor group, this means they have edit permissions, if a user is in the Viewer group this means they only have permission to view.
Users can only see groups they are a member of.
Default Groups
Level | Group |
|---|---|
IVION Instance | Everyone |
Global Admin | |
Site | Admin (Site Admin) |
Editor | |
Viewer |
Default View/Edit Site Permissions
Access to feature/function
No access to feature/function
Page/ Side Menu/ Action | Function/Feature | User Groups | ||||
Everyone | Global Admin | Site Admin | Editor | Viewer | ||
|---|---|---|---|---|---|---|
Home page |
|
|
|
|
| |
User profile |
|
|
|
|
| |
|
|
|
|
| ||
|
|
|
|
| ||
Instance settings |
|
|
|
|
| |
|
|
|
|
| ||
User management |
|
|
|
|
| |
|
|
|
|
| ||
|
|
|
|
| ||
|
|
|
|
| ||
View Site Permissions | ||||||
|
|
|
|
| ||
Search |
|
|
|
|
| |
|
|
|
|
| ||
Datasets viewer |
|
|
|
|
| |
|
|
|
|
| ||
Edit dataset permissions |
|
|
|
|
| |
POI types |
|
|
|
|
| |
|
|
|
|
| ||
|
|
|
|
| ||
Point of Interest (POI) |
|
|
|
|
| |
|
|
|
|
| ||
|
|
|
|
| ||
|
|
|
|
| ||
Site Model attributes |
|
|
|
|
| |
|
|
|
|
| ||
|
|
|
|
| ||
|
|
|
|
| ||
|
|
|
|
| ||
|
|
|
|
| ||
Settings |
|
|
|
|
| |
|
|
|
|
| ||
|
|
|
|
| ||
Site Setup Permissions | ||||||
|
|
|
|
| ||
|
|
|
|
| ||
|
|
|
|
| ||
|
|
|
|
| ||
|
|
|
|
| ||
|
|
|
|
| ||
|
|
|
|
| ||
|
|
|
|
| ||
Settings |
|
|
|
|
| |
|
|
|
|
| ||
|
|
|
|
| ||
|
|
|
|
| ||
|
|
|
|
| ||
Group Permissions
After an instance is created, a Global Admin or Site Admin can make changes to the groups by assigning or removing permissions:
Permission title | Function/feature | Everyone | Global Admin | Site Admin | Editor | Viewer |
|---|---|---|---|---|---|---|
POI Management |
|
|
|
|
| |
POI Management |
|
|
|
|
| |
Vector maps in Dataset Management |
|
|
|
|
| |
User Group Management |
|
|
|
|
| |
Access Management |
|
|
|
|
| |
Site Model Creation |
|
|
|
|
| |
Site Model Creation |
|
|
|
|
| |
Crop and Download |
|
|
|
|
| |
Publishing |
|
|
|
|
| |
Mark and Measure |
|
|
|
|
| |
Mark and Measure |
|
|
|
|
| |
POI Management |
|
|
|
|
| |
Dataset Management |
|
|
|
|
| |
NavVis IVION Processing |
|
|
|
|
| |
Publishing |
|
|
|
|
|
Data-Level Permissions
In addition to the site-level permissions described above, NavVis IVION lets you control access to specific data within a site. At each level, you can set which user group is the minimum required to view or edit that item. Users in groups below that level won't be able to see or make changes to it.
Permissions can be set at the following levels:
Site: Controls who can view a site. See Managing User Group Permissions.
Dataset: Controls who can view and edit datasets and site entities. See Editing Datasets and Site Entities.
Bundle: Controls who can view and edit 2D maps and NavGraphs. See Dataset Management.
POI type group: Controls who can view and edit POI type groups. See Creating, Editing, and Deleting a POI Type Group.
POI: Controls who can view and edit individual POIs. See Editing a POI.
Note: Data-level permissions work alongside site-level permissions. A user still needs the appropriate site-level access before content-level permissions apply.
POI Permissions
You can set view and edit permissions on individual POIs to control which user groups can see or modify them. When creating or editing a POI, use the View and Edit drop-down menus to select which user groups have access. This allows you to restrict a POI's visibility to specific groups, or limit who can make changes to it.
Keep the following in mind when setting POI permissions:
For example, users in the “Everyone” group can, by default, view POIs but cannot edit them.
The user who creates a POI must grant editing access to other user groups.
Site Admins can edit all POIs regardless of the POI-level permission settings.
You can adjust these permissions at any time by editing the POI.
POI Group Permissions
POI type groups let you organize related POI types into categories. Each POI type group has its own view and edit permissions, which control access to all POI types within that group.
Dataset and Alignment Bundle Permissions
Permissions for datasets are managed at the alignment bundle level as well as on individual datasets. When you create or edit an alignment bundle, the view and edit permissions you set. This controls who can view or edit the navigation graph and maps associated with those datasets.
How bundle and dataset permissions interact
Dataset and bundle permissions are set independently. Dataset permissions control who can view and edit datasets and site entities, while bundle permissions control who can view and edit the 2D maps and NavGraphs created from those datasets. Because they govern different things, they don't override each other and you need to set each one according to the level of access you want to grant for that type of content.
Global Admin
Global admins have access to all sites, site content, and functions in an instance.
By default, every instance has a global admin account. The first user to log in automatically becomes a global admin.
Members of the global admin group can add more users to this group.
Site Admin
Site admins have full access to their sites' content. A user can be a site admin of multiple sites.
Everyone
All users added to are automatically part of the Everyone group. This applies to Registered users with individual sign-in credentials as well as Guest Users, who do not have their own sign-in credentials.
Everyone users (these are users that are not part of any group) will only be able to see public sites (they cannot access private sites). In reverse that means that Everyone users will be able to access all public sites.
The Everyone user group can be edited by selecting the General tab in the site drop-down menu on the Groups page, here you can also adjust the permissions the Everyone Group has.
Guest Users
Users that are added to , are not automatically added to a group apart from the Everyone group. They are considered guest users and their permissions are limited to viewing, navigating, and searching within . By default, these users do not have creation or editing permissions. To give users additional permissions, add them to an existing group or create a new group with the appropriate permissions.
Note: Users that are not added to a group will not count against applicable user licenses. However, users will count against applicable user licenses once they become part of a group.
Data Processing Rights
Users with Data Processing rights will be permitted to perform the following actions:
Upload unprocessed data
Launch processing tasks
Work with processed data
Note: Users can access the add to dataset management button and copy data to NavVis IVION even if they do not have permission to access the dataset management page.
FAQ
How are permissions managed in NavVis IVION?
Permissions are managed using groups, where users are added to a group and permissions are granted to that group.
Can a user belong to multiple groups?
Yes, users can be assigned to multiple groups but must be added manually to each group and/or subgroup.
What is the hierarchy of groups in NavVis IVION?
NavVis IVION’s group system is hierarchical, allowing a group to have multiple subgroups.
What are the default groups available in NavVis IVION?
The default groups include Everyone, Global Admin, Site Admin, Editor, and Viewer.
What permissions do users in the Viewer group have?
Users in the Viewer group only have permission to view content.
Can guest users create or edit content?
No, guest users do not have creation or editing permissions by default.
What actions can users with Data Processing rights perform?
Users with Data Processing rights can upload unprocessed data, launch processing tasks, and work with processed data.
How can permissions for the Everyone group be edited?
Permissions for the Everyone group can be edited via the General tab in the site drop-down menu on the Groups page.
What is the role of a Global Admin?
Global admins have access to all sites, site content, and functions in an instance.