Roles and permissions
Working with Roles
The iTwin Platform enables you to assign different roles depending on the requirements of your team. There are three types of roles available to assign to users of the iTwin Platform, each with varying levels of permissions. These roles are specific to those individuals that are engaged with building your iTwin application.
Note: Your end users are assigned roles for your application using the Access Control API. Please see Access Control for more information.
Roles available for use when building applications and managing account information include:
Subscription Manager - Manages all things related to the iTwin Platform account. This role has no restrictions.
Application Manager - Manages iTwin Platform applications.
Developer - a developer of a given application or applications.
Permissions and owners
All permissions are limited to the applications for which you are listed as an owner. This does not necessarily mean that you created the application, only that you have been defined as an owner of the application. Owners are assigned and listed on the App Details page for the registered app. To open the app details, click My Apps under the Profile menu and then click the name of the app in your list. Application Managers and Subscription Managers are not listed application owners on the App Details page as they are owners, by default, of all applications within the organization.
The Subscription Manager role is automatically assigned to anyone identified as an Administrator or Co-Administrator for your organization. The Subscription Manager has complete control of all aspects of the developer portal and is the only role able to assign a user a role.
You must always have at least one Subscription Manager role assigned to your account. A Subscription Manager can assign the Subscription Manager role to another account as needed however, you cannot remove your own account. If you need your account removed, assign the Subscription Manager role to another user, and they can remove the account on your behalf.
The Application Manager role is assigned to users responsible for managing applications created with the iTwin Platform. Users with this role have complete control of all applications belonging to the account.
The Developer role enables you to create, edit, or delete applications you created or applications for which you have been assigned as an owner. You can also add another user as an owner of any applications you create.
Note: Users that have an account, but do not have an assigned role will only have access to documentation within the developer portal. The table below defines the associated permissions for each role.
Overview of permissions
Create a new application All account roles have permission to create an application. When you create an application, you are the owner. You can invite others to your application. Click the Add Owner button on the App Details page to assign another owner.
Modify an application All account roles have permission to modify any application. Developers must be the owner of the application they want to modify. This permission enables you to change the name, add or remove scopes, and change any other settings for that application.
Delete applications All account roles have permission to delete an application. Developers must be the owner of the application they want to delete. Caution: If you have multiple owners, only one is required to delete the application. Make sure other application owners know that the application is being deleted.
View all applications for this organization Application managers and subscription managers can view any application on the account. Developers are limited to applications for which they are the owner.
Add developers to this subscription Enables the Subscription Manager to add users and assign the developer role.
Manage this subscription Enables the Subscription Manager to add credits to their account or modify or cancel the subscription to the iTwin Platform.
To add users roles:
- In your Profile menu, click Account Settings.
- In the Users list, click Add users.
- In the Add users dialog box, enter the name or email of the user to add.
- In the Role drop-down list, select the role to assign to this user.
- Click Add to add the user to your subscription. The user is added to your account with the appropriate role defined.
To change the role of a user
- In your Profile menu, click Account Settings. A list of users displays.
- Select the checkbox next to the name of the user or users you are editing.
- Click the Modify users rolebutton and select the new role from the list provided. If you have selected multiple users, all selected users will be assigned the new role.
- Click Modify to save the changes and close the dialog box. The new role is assigned to the user the next time they log in to the developer portal. If the user is logged in when the role is changed, they must log out and back in to see the change.
To remove a user from your account
- In your Profile menu, click Account Settings. A list of team members displays.
- Select the checkbox next to the name of the user or users you want to delete.
- Click the Remove userbutton. A confirmation dialog displays.
- Click Remove on the confirmation dialog box. The user is removed from the account.