Roles and permissions
Permissions granted are limited to the developer and organization applications to which you have rights.
Working with Roles
The iTwin Platform enables you to assign different roles depending on the requirements of your team. There are three types of roles available to assign to users within the iTwin Platform, each with varying levels of permissions. These roles are specific to those individuals that are engaged in building your iTwin application.
Assign roles for your application to your end users using the Access Control API. Please see Access Control for more information.
Roles available for use when building applications and managing account information include:
- Subscription Manager - Manages all things related to the iTwin Platform account. This role has no restrictions.
- Application Manager - Manages iTwin Platform applications.
- Developer - a developer of a given application or applications.
Permissions and owners
All application management permissions are limited to the applications for which you are listed as an owner. This does not necessarily mean that you created the application, only that you have been defined as an owner of the application. Owners are assigned and listed on the App Details page for the registered app. To open the app details, click My Apps under the Profile menu and then click the name of the app in your list. Application Managers and Subscription Managers are not listed application owners on the App Details page as they are owners, by default, of all applications within the organization.
All Test iTwin management permissions are limited to the Test iTwins for which you are listed as a participant. This does not necessarily mean that you created the Test iTwin, only that you have been defined as one of participants of the iTwin. Participants are assigned and listed in the Manage participants dialog for the registered iTwin. To open the this dialog, click My iTwins under the Profile menu, hover over the Test iTwin tile, click "..." to open dropdown menu and then click Manage participants. Application Managers and Subscription Managers do not have access to all Test iTwins created within the organization, unless they have been added into participants list.
Available roles
Subscription managers
The Subscription Manager role is automatically assigned to anyone identified as an Administrator or Co-Administrator for your organization. The Subscription Manager has complete control of all aspects of the developer portal and is the only role able to assign a user a role.
You must always have at least one user assigned the Subscription Manager role. A Subscription Manager can assign the Subscription Manager role to another user as needed. The iTwin Platform does not allow you to remove your own user account. If you need your account removed, assign the Subscription Manager role to another user, and they can remove your account.
Application managers
The Application Manager role is assigned to users responsible for managing applications created with the iTwin Platform. Users with this role have complete control of all applications belonging to the account.
Developers
The Developer role enables you to:
- Create, edit, or delete applications you created or applications for which you have been assigned as an owner. You can also add another user as an owner of any applications you create.
- Create, edit, or delete Test iTwins you created or Test iTwin for which you have been added as participant. You can also add another user as a participant of any Test iTwin you create.
Users that have an account, but do not have an assigned role will only have access to documentation within the developer portal. The table below defines the associated permissions for each role.
Overview of permissions
-
Create a new application All roles have permission to create an application. When you create an application, you are the owner. You can invite others to your application. Click the Add Owner button on the App Details page to assign another owner.
-
Modify an application All roles have permission to modify any application. Developers must be the owner of the application they want to modify. This permission enables you to change the name, add or remove scopes, and change any other settings for that application.
-
Delete applications All roles have permission to delete an application. Developers must be the owner of the application they want to delete. Caution: If you have multiple owners, only one is required to delete the application. Make sure other application owners know that the application is being deleted.
-
Create a new Test iTwin All roles have permission to create a Test iTwin, create iModels from Bentley Samples or populate the iModel by syncing a set of files from your local computer. When you create a Test iTwin, you are added to the list of participants. You can share your iTwin with others by adding them to participants list. Click the Manage participants menu item on the Test iTwin tile dropdown menu to add another participant.
-
Modify a Test iTwin All roles have permission to modify Test iTwins and iModels. Users must be added to participants list of the Test iTwin they want to modify. This permission enables you to change the name, add, edit or remove iModels, and change any other settings for that Test iTwin.
-
Delete a Test iTwin All roles have permission to delete Test iTwin. Users must be added to participants list of the Test iTwin they want to delete. Caution: If you have multiple participants, only one is required to delete the Test iTwin. Make sure other participants know that the Test iTwin is being deleted.
-
View all applications for this organization Application managers and subscription managers can view any application in the organization. Developers are limited to applications for which they are the owner.
- Add users to this subscription Enables the Subscription Manager to add users and assign one of available roles.
- Manage this subscription Enables the Subscription Manager to add credits to their account and modify or cancel the subscription to the iTwin Platform. To make updates to your subscription, Contact the Partner Team.
Tasks
To add users roles
- In your Profile menu, click Account Settings.
- In the Users list, click Add users.
- In the Add users dialog box, enter the name or email of the user to add.
- In the Role drop-down list, select the role to assign to this user.
- Click Add to add the user to your subscription. The user is added with the selected role defined.
To change the role of a user
- In your Profile menu, click Account Settings. A list of users displays.
- Select the checkbox next to the name of the user or users you are editing.
- Click the Modify users role button and select the new role from the list provided. If you have selected multiple users, all selected users will be assigned the new role.
- Click Modify to save the changes and close the dialog box. The new role is assigned to the user the next time they log in to the developer portal. If the user is logged in when the role is changed, they must log out and back in to see the change.
To remove a user
- In your Profile menu, click Account Settings. A list of team members displays.
- Select the checkbox next to the name of the user or users you want to delete.
- Click the Remove user button.
A confirmation dialog displays. - Click Remove on the confirmation dialog box. The user is removed from the organization.