Skip to main content

Access Profiles

ION Guard uses a system of 5 hierarchical profiles to control what each user can see and do on the platform.

Profile hierarchy

Platform Admin (level 5) — full system access
└── Tenant Master (level 4) — full organization access
└── Tenant Admin (level 3) — operational management
└── Operator (level 2) — actions on assigned sites
└── Viewer (level 1) — read-only

Profile descriptions

Platform Admin

Who uses it: ION Grade technical team (system administrator).

  • Access to all organizations (tenants) and sites
  • Manages organizations, modules, and system settings
  • Bypasses all tenant restrictions
  • Access to development tools (MQTT debug, DevTools)

Tenant Master

Who uses it: Main manager of the client organization.

  • Full access to all sites in their organization
  • Creates, edits, and deletes sites, and manages the organization's settings
  • Creates and manages lower-level users (Tenant Admin, Operator, and Viewer) — cannot grant the Tenant Master profile
  • No visibility into other organizations

Tenant Admin

Who uses it: Security coordinator or operational supervisor.

  • Access to all sites in the organization
  • Manages zones, floors, devices, and reports within the organization's sites
  • Does not create, edit, or delete sites (this action is exclusive to Tenant Master and Platform Admin)
  • Creates and manages Operator and Viewer users
  • Cannot create Tenant Admin or above

Operator

Who uses it: Security operator on shift.

  • Access only to assigned sites
  • Views dashboards, alerts, and tracking
  • Acknowledges and resolves alerts
  • Does not manage devices, zones, or users

Viewer

Who uses it: Manager or auditor who needs visibility without action.

  • Access only to assigned sites
  • Read-only — views everything but cannot perform actions
  • Cannot acknowledge or resolve alerts
Profile assignment

Except for the Platform Admin, no user can assign a profile equal to or higher than their own. A Tenant Master, for example, can only create or promote users up to Tenant Admin — never another Tenant Master. This prevents privilege escalation.

Permission matrix

Management

ResourcePlatform AdminTenant MasterTenant AdminOperatorViewer
Organizations (CRUD)YesOwn¹NoNoNo
Sites (CRUD)YesYesNo²NoNo
Zones (CRUD)YesYesYesNoNo
Floors (CRUD)YesYesYesNoNo
Beacons (CRUD)YesYesYesNoNo
Antennas (CRUD)YesYesYesNoNo
Users (CRUD)YesYesPartialNoNo
Modules (install/remove)YesNoNoNoNo
System settingsYesNoNoNoNo

¹ Tenant Master does not create or delete organizations, but can edit the settings of their own organization at Organization (/organization). ² Tenant Admin manages zones, floors, and devices within the sites, but creating, editing, and deleting sites is exclusive to Tenant Master and Platform Admin.

Operations

ActionPlatform AdminTenant MasterTenant AdminOperatorViewer
View dashboardYesYesYesYesYes
View alertsYesYesYesYesYes
Acknowledge alertsYesYesYesYesNo
Resolve alertsYesYesYesYesNo
View trackingYesYesYesYesYes
View zone mapYesYesYesYesYes
Generate reportsYesYesYesNoNo
View auditYesYesYesNoNo

Access scope

ProfileVisible sites
Platform AdminAll (all organizations)
Tenant MasterAll sites in the organization
Tenant AdminAll sites in the organization
OperatorAssigned sites only
ViewerAssigned sites only
Site assignment

Site assignment is done during user creation and can be changed at any time by an administrator.