Access right is a possibility to view some system objects and perform allowed actions over them. There are five access levels: from simple viewing to management.

Who Defines Access Rights

Access rights are defined primarily by service manager, however in some cases it can be done also by end users.

Who Owns Access Rights

Rightholders can be any system users (end users, managers, etc). The rights for each of them are defined individually in user properties dialog on the tab Access to objects. The rights can be reassigned at any moment.

What Can Be Accessed

A user can obtain access to any system objects:

Units
A user can get possibility to see unit location on the map, observe its parameters (such as speed, altitude, sensors values), execute commands over this unit, send messages, receive notifications on unit activity, generate reports, etc.

Users
One user can have access to others. Then this user can edit them, define their rights, etc, for example, as it is done by service manager.

Accounts
Access to an account assumes access to all its contents that is geofences, POI, report templates, notifications, jobs, routes, drivers. Access to an account assumes also that the user can create such objects.

Unit groups
When assigning rights to unit group, they are applied to any unit belonging to the group. This rule works in the direction of increasing rights. It means you can assign a higher access level to units in group but not cut down access rights if a higher level was assigned earlier.

Five access levels exist in the system:

None
Any kind of access is denied. User can neither see the object nor do something with it.

View
User can only see the object and view its properties but not edit them. If the object is a unit, user can watch it on the map, get notification about it, generate reports, assign a job (however, not any types of jobs and notifications), view most of unit properties. If the object is a unit group, user gets view access to all units included in this group. However, if before that the user has had more rights to a unit from this group, this enhanced access will remain. If the object is an account, user can view all objects belonging to this account (POI, geofences, jobs, reports templates, etc.).

Execute commands
This access level make sense only for units and unit groups. If it is applied to accounts or users, then it is equal to the previous level – view. With this access, user can execute commands over units, register unit events, bind/unbind drivers.

Edit
This access level allows user to perform all above-mentioned actions and in addition change objects' properties. If this level is applied to an account, the user can edit objects belonging to this account: create, update, import and delete geofences, POI, report templates within this account. If the object is a unit, user can view all its properties and alter them, as well as assign routes to this unit.

Manage
User gets a complete control over an object, including access management and deleting the object from the system. In case of a unit, user can delete massages from unit's database.

The rights are assigned to each user individually when creating, copying or updating the user – on the Access tab. Other ways to define rights is when configuring a unit (or unit group) – on the Accessors tab.

To assign access rights you need to have manage access both to objects to which you set rights, and to users to which you give rights.

Through User Properties

Open user configuration dialog and go to the Accessors tab. On the left there is the objects tree (units, unit groups, users, accounts), on the right there are several radio buttons which represent different access levels. In the objects tree select needed objects and assign the access to them using radio buttons on the right. In accordance with rights assigned, items acquire a background of the corresponding color. To save changes, push OK.

Hint.
If you have less than 100 objects, the full list of available objects is displayed when you open the tab. If you have more than 100 objects, the list is empty, and you need to apply the filter to search and display objects. On the bottom of the dialog enter request text using wildcard symbols * (replaces any number of characters) and ? (replaces one character). After entering a text, press Apply. Search results will be displayed on the list.

To select several objects at once, use <ctrl> and <shift> keys. Hold any of these keys and click on a tree node, this node will be selected entirely with all its items. Holding <ctrl> key it is possible to select several objects clicking on them in a random order. Holding <shift> key it is possible to select several objects going in succession. To do this, click on the first item and then on the last item in the succession.

Through Unit Properties

Open unit properties dialog and move to the Accessors tab. On the left there is a list of all users available. On the right you assign for them access level to the unit. Here <ctrl> and <shift> keys are used in the same way.

Through Unit Group Properties

In a similar way access rights on unit groups are assigned. When creating, updating or copying a group, move to the Accessors tab. Remember that rights assigned here are applied to each and every unit in the group. Here you can increase rights only and not vice versa.

Through Account Properties

In a similar way access rights can be assigned on Accessors tab of account properties dialog .

One of the bullet points in Wialon Hosting management is correct and consistent assignment of creator to different marco objects.

Creator is a user that initially has full access rights to an object being created and can define access rights for other users. The creator of a user also automatically gets manage rights to units created by this user. Afterwards creator's rights can be dimensioned if needed.

Building hierarchy with the help of creator allows to divide the whole work among several users, assign different rights to objects, as well as reduce information content processed on the screen.

In the system there can be no objects without creator. The creator is assigned when creating an object and cannot be changed later. Usually (when a user, a unit or a unit group is created) the creator is selected from the list of existent users. But when a new account is created, its creator can be created with it simultaneously.

To assign a user as creator, you should have manage access to this user. If you create an object by copying method or have no manage access to any user, then creator selection list is not available, and the current user (that is you) is assigned as their creator automatically. When viewing object's properties, creator is shown only if you have any access (at least view) to this user.

It is impossible to delete a user that is the creator of some object. You first should delete this object. For usual users it is done manually. What concerns an account creator, it can be deleted only deleting this account.