Access Profiles
ION Guard uses a system of 5 hierarchical profiles to control what each user can see and do on the platform.
Profile hierarchy
Platform Admin (level 5) — full system access
└── Tenant Master (level 4) — full organization access
└── Tenant Admin (level 3) — operational management
└── Operator (level 2) — actions on assigned sites
└── Viewer (level 1) — read-only
Profile descriptions
Platform Admin
Who uses it: ION Grade technical team (system administrator).
- Access to all organizations (tenants) and sites
- Manages organizations, modules, and system settings
- Bypasses all tenant restrictions
- Access to development tools (MQTT debug, DevTools)
Tenant Master
Who uses it: Main manager of the client organization.
- Full access to all sites in their organization
- Creates, edits, and deletes sites, and manages the organization's settings
- Creates and manages lower-level users (Tenant Admin, Operator, and Viewer) — cannot grant the Tenant Master profile
- No visibility into other organizations
Tenant Admin
Who uses it: Security coordinator or operational supervisor.
- Access to all sites in the organization
- Manages zones, floors, devices, and reports within the organization's sites
- Does not create, edit, or delete sites (this action is exclusive to Tenant Master and Platform Admin)
- Creates and manages Operator and Viewer users
- Cannot create Tenant Admin or above
Operator
Who uses it: Security operator on shift.
- Access only to assigned sites
- Views dashboards, alerts, and tracking
- Acknowledges and resolves alerts
- Does not manage devices, zones, or users
Viewer
Who uses it: Manager or auditor who needs visibility without action.
- Access only to assigned sites
- Read-only — views everything but cannot perform actions
- Cannot acknowledge or resolve alerts
Except for the Platform Admin, no user can assign a profile equal to or higher than their own. A Tenant Master, for example, can only create or promote users up to Tenant Admin — never another Tenant Master. This prevents privilege escalation.
Permission matrix
Management
| Resource | Platform Admin | Tenant Master | Tenant Admin | Operator | Viewer |
|---|---|---|---|---|---|
| Organizations (CRUD) | Yes | Own¹ | No | No | No |
| Sites (CRUD) | Yes | Yes | No² | No | No |
| Zones (CRUD) | Yes | Yes | Yes | No | No |
| Floors (CRUD) | Yes | Yes | Yes | No | No |
| Beacons (CRUD) | Yes | Yes | Yes | No | No |
| Antennas (CRUD) | Yes | Yes | Yes | No | No |
| Users (CRUD) | Yes | Yes | Partial | No | No |
| Modules (install/remove) | Yes | No | No | No | No |
| System settings | Yes | No | No | No | No |
¹ Tenant Master does not create or delete organizations, but can edit the settings of their own organization at Organization (/organization).
² Tenant Admin manages zones, floors, and devices within the sites, but creating, editing, and deleting sites is exclusive to Tenant Master and Platform Admin.
Operations
| Action | Platform Admin | Tenant Master | Tenant Admin | Operator | Viewer |
|---|---|---|---|---|---|
| View dashboard | Yes | Yes | Yes | Yes | Yes |
| View alerts | Yes | Yes | Yes | Yes | Yes |
| Acknowledge alerts | Yes | Yes | Yes | Yes | No |
| Resolve alerts | Yes | Yes | Yes | Yes | No |
| View tracking | Yes | Yes | Yes | Yes | Yes |
| View zone map | Yes | Yes | Yes | Yes | Yes |
| Generate reports | Yes | Yes | Yes | No | No |
| View audit | Yes | Yes | Yes | No | No |
Access scope
| Profile | Visible sites |
|---|---|
| Platform Admin | All (all organizations) |
| Tenant Master | All sites in the organization |
| Tenant Admin | All sites in the organization |
| Operator | Assigned sites only |
| Viewer | Assigned sites only |
Site assignment is done during user creation and can be changed at any time by an administrator.