Overview
Navixis uses a hierarchical system of permissions at 3 levels:
Access to the organization : Owner, Administrator, Member
Access to sites : Manager, Can Edit, Read Only
Access to equipment : Manager, Can Edit, Read Only
Each level defines what a user can see and do in the application.
Level 1: Access to the organization
Owner
What it can do:
✅ Manage all users in the organization (invite, modify roles, delete)
✅ Assign the owner role to others users
✅ Access all sites and equipment without restriction
✅ Change all organization settings
✅ Delete organization
Who should have this role:
– Founder of the organization
– General manager
– Senior IT Manager
Administrator
What it can do:
✅ Manage member users (invite, modify, delete)
✅ Manage sites and equipment
✅ Access configuration features
✅ Create and edit events
✅ View all reports and data
What he can't do:
❌ Assign the owner role
❌ Edit or delete owners
❌ Delete organization
Who should have this role:
– Technical manager
– Project manager
– Department manager
Hierarchy :Owner > Administrator > Member
Member
What it can do:
✅ Consult the data of the sites to which he has access
✅ Use applications according to your site permissions
What he can't do:
❌ Invite other users
❌ Edit organization configuration
❌ Manage other users
Who should have this role:
– Standard user
– External consultant
– Observer
Important: The real rights of a member depend on its permissions at the site level.
Level 2: Access to sites
Administrator
What it can do:
✅ Completely manage the site and its subsites
✅ Manage all site equipment
✅ Invite users to this specific site
✅ Edit site configuration
✅ Access all site data
✅ Create and manage site events
Who should have this role:
– Site manager
– Facility manager
– Building manager
Can edit
What it can do:
✅ Edit site data
✅ Edit equipment
✅ Create and edit content
What he can't do:
❌ Invite users
❌ Delete site
❌ Edit advanced configuration
Who should have this role:
– Technician
– Maintenance agent
– Field operator
Hierarchy :Manager > Can Edit > Read Only
Read only
What it can do:
✅ View site data
✅ View equipment and their condition
✅ View reports
What he can't do:
❌ Edit anything
❌ Create equipment
❌ Access configuration
Who should have this role:
– Listener
– External consultant
– End customer (read only)
– Observation intern
Level 3: Access to equipment
Equipment rights follow the same logic as the sites:
Equipment Manager
✅ All rights to the equipment
✅ Can configure and configure
✅ Can send commands
Can modify equipment
✅Can change basic settings
✅ Can send some commands
❌ Limited access to configuration advanced
Read only on equipment
✅ Can view data
❌ No modification possible
How rights combine
Rights are combined according to a cascade logic: the highest level higher always wins.
Example 1: Owner with limited access to a website
Situation : Marie is the owner of the organization. She has a read-only access to Site A.
Result : Marie has full access everywhere, including Site A. The “read only” is ignored because proprietary > read only.
Example 2: Member with site management specific
Situation : Jean is a member of the organization (no global rights). He is manager of Site B.
Result : Jean can't do anything at the organizational level, but he has all the rights to Site B and its subsites. Ideal for a manager site without access to the rest of the organization.
Important Safety Rules
Rule 1: Protection of the owner
An administrator can never modify or delete a owner. Only an owner can manage a other owner.
Rule 2: You can only give what you have
A user can only assign lower roles or equal to his own:
– An admin can create members, but not owners
– A site manager can provide access to “can modify” " or "read-only", but not "manager »
Rule 3: Inheritance of subsites
Rights on a parent site apply automatically to all its subsites:
– If you are the manager of “Building A”, you are manager of all floors of the Building A
– A subsite can never have more rights than its parent
Concrete use cases
Case 1: New business starting
Installation steps:
An owner is created (the founder)
The owner invites administrators (responsible for departments)
Administrators invite members to their sites respective
Case 2: Property management company multi-site
Organization :XYZ Property Management Company
Team :
– Owner: General Manager (sees everything, handles everything)
– Administrator: Technical manager (manages technicians and sites)
Building A:
– Manager: Main caretaker (manages the building)
– Can modify: Maintenance technicians (intervene)
– Read only: Residents (consult their consumption)
Building B:
– Manager: Senior Guardian
– Read only: Residents
Case 3: Temporary external service provider
Context :An external technician intervenes on certain sites
Configuration:
– Organization: Member (no global rights, no access to the rest)
– Building A: Can modify (can intervene and do its job)
– Building B: Read only (can consult for diagnosis)
Advantage :The service provider is isolated and has no access only what he needs.
Permission Levels
Organization
Level | Description |
Owner | Owner of the organization, all rights |
Administrator | Organization Administrator |
Member | Simple member of the organization |
Site
Level | Description |
Administrator | Site manager, all rights to the site |
Can edit | Can modify site data |
Read only | Read only on the site |
Standard Profiles
Profile | Accessible Pages | Description |
Administrator | All pages | Full access to all features |
Administrator | Sites, Equipment, Network, Events, Data | Complete operational management |
Technician | Sites, Equipment, Network, Events | Technical intervention |
Occupant | Sites, Equipment, Data | Basic consultation and use |
Main Pages
1. Sites
Action | Read only | Can edit | Administrator |
See the list of sites | Yes | Yes | Yes |
View site details | Yes | Yes | Yes |
Create a site | No | No | Yes |
Edit a site | No | Yes | Yes |
Delete a site | No | No | Yes |
Manage site users | No | No | Yes |
View the site hierarchy | Yes | Yes | Yes |
2. Equipment
Action | Read only | Can edit | Administrator |
See the equipment list | Yes | Yes | Yes |
View equipment details | Yes | Yes | Yes |
Create equipment | No | Yes | Yes |
Modify equipment | No | Yes | Yes |
Delete equipment | No | No | Yes |
Configure equipment | No | Yes | Yes |
View historical data | Yes | Yes | Yes |
3. Network
Action | Read only | Can edit | Administrator |
View network topology | Yes | Yes | Yes |
See the gateways | Yes | Yes | Yes |
Create a gateway | No | Yes | Yes |
Modify a gateway | No | Yes | Yes |
Delete a gateway | No | No | Yes |
View network statistics | Yes | Yes | Yes |
4. Events
Action | Read only | Can edit | Administrator |
See the list of events | Yes | Yes | Yes |
Filter events | Yes | Yes | Yes |
View details of a event | Yes | Yes | Yes |
Create a manual event | No | Yes | Yes |
Edit an event | No | Yes | Yes |
Delete an event | No | No | Yes |
Export events | Yes | Yes | Yes |
5. Data
Action | Read only | Can edit | Administrator |
View data graphs | Yes | Yes | Yes |
Export data | Yes | Yes | Yes |
Configure dashboards | No | Yes | Yes |
Create reports | No | Yes | Yes |
6. Users
Action | Read only | Can edit | Administrator |
View user list | No | No | Yes |
Invite a user | No | No | Yes |
Change permissions | No | No | Yes |
Delete a user | No | No | Yes |
Applications
ENERGY – Energy management
Action | Read only | Can edit | Administrator |
Consult energy data | Yes | Yes | Yes |
View reports/charts | Yes | Yes | Yes |
Configure threshold alerts | No | Yes | Yes |
Export data | Yes | Yes | Yes |
Add users to the app | No | No | Yes |
PROTECT – Security, interventions, maintenance
Action | Read only | Can edit | Administrator |
Consult device status | Yes | Yes | Yes |
See alerts/anomalies | Yes | Yes | Yes |
Consult intervention history | Yes | Yes | Yes |
Create intervention | No | Yes | Yes |
Validate/modify intervention | No | No | Yes |
Certify conformity (Quitus) | No | No | Yes |
Declare installation/maintenance | No | Yes | Yes |
Download certificates | Yes | Yes | Yes |
Delete intervention record | No | No | Yes |
SHOU – Indoor air quality (CO₂)
Action | Read only | Can edit | Administrator |
Consult CO₂ levels | Yes | Yes | Yes |
View trends/reports | Yes | Yes | Yes |
Receive alerts | Yes | Yes | Yes |
Configure alert thresholds | No | Yes | Yes |
Export compliance reports | Yes | Yes | Yes |
EMA – EvaluationMeans Ventilation
Action | Read only | Can edit | Administrator |
View campaigns | Yes | Yes | Yes |
See inspection sheets | Yes | Yes | Yes |
Create campaign | No | Yes | Yes |
Complete inspection form | No | Yes | Yes |
Create measurement sheet | No | Yes | Yes |
Validate inspection sheet | No | No | Yes |
Delete campaign | No | No | Yes |
Import mobile data | No | Yes | Yes |
Generate compliance reports | Yes | Yes | Yes |
SKY – DataPollutants
Action | Read only | Can edit | Administrator |
View datapollutants | Yes | Yes | Yes |
Show pollutant trends | Yes | Yes | Yes |
Configure pollutant source | No | No | Yes |
POSE – Interventions and planning
Action | Read only | Can edit | Administrator |
View calendar | Yes | Yes | Yes |
See intervention sheets | Yes | Yes | Yes |
Create intervention note | No | Yes | Yes |
Create schedule | No | Yes | Yes |
Create appointment | No | Yes | Yes |
Validate completed intervention | No | No | Yes |
Delete schedule | No | No | Yes |
PPMS – Alarm and event management
Action | Read only | Can edit | Administrator |
Consult systems | Yes | Yes | Yes |
View alerts/events | Yes | Yes | Yes |
Receive notifications | Yes | Yes | Yes |
Configure system | No | Yes | Yes |
Permission Hierarchy
General Structure
The Navixis platform uses a permissions system two levels: Organization and Site.
Organization Level Permissions
Level | Priority | Rights |
Owner | 3 (Max) | All rights to the organization. Access to all sites. Billing management. Deletion of the organization. Overrides all site permissions. |
Administrator | 2 | Management of organizational members. Creation/modification of sites. Overrides all site permissions. Access to all reports. |
Member | 1 (Basic) | Limited access to assigned sites. Permissions defined at site level. Not access to organizational management. |
Site Level Permissions
Level | Priority | Rights |
Administrator | 3 (Max) | Complete site management. Create/Modify/Delete site. Manage the users of the site. Create/Modify/Delete equipment and schedules. All actions available. |
Can edit | 2 | Editing data. Edit the site (not delete). Create/Modify equipment (not delete). Create/Modify/Apply schedules (not delete). Configure alarms. Send instructions. |
Read only | 1 (Basic) | Read only. View site information. See the equipment and schedules. View data and graphics. Export data. None modification possible. |
Hierarchy Rules
1. Premium organization on site
The Owner and Administrator roles at the level Organization systematically overrides Site permissions. An Owner or Administrator has access total even if it is only Read-only on a site given.
2. Inheritance of Site Permissions
A user with Manager permission on a parent site automatically gets Manager on all child sites and descendants.
Example: Parent Site (Manager) → Child Site 1 (inherits Manager) → Grandchild Site (inherits Manager)
3. Maximum Permission Applied
When a user has different permissions on a parent site and a child site, this is the most common permission high which applies for each site individually.
Example: A member with Read Only on the Parent Site and Manager on the Child Site will have Manager rights only on the Children's Site, and Read only on the Site Parent.
4. Conflict Resolution
Case | Organization | Site | Effective permission |
Case 1 | Owner | Read only | Owner (Prime Organization) |
Case 2 | Administrator | Can edit | Administrator (Prime Organization) |
Case 3 | Member | Administrator | Manager (site permission respected) |
Case 4 | Member | Read only | Read only |
Concrete Examples
Example 1: Site Manager
User :John Dupont
– Nexelec Organization: Member
– Site “Building A”: Manager
– Site “Floor 1”: Manager (inherited)
– Site “Floor 2”: Manager (inherited)
Possible actions:
Yes :Create, modify and delete equipment on Building A, Floor 1 and Floor 2
Yes :Manage users of these sites
Yes :Delete schedules
No :Access other organization sites
No :Manage organization members
Example 2: Multi-Site Technician
User :Mary Martin
– Nexelec Organization: Member
– Site “Building A”: Can modify
– Site “Building B”: Can modify
– “Building C” site: Read only
On Building A and B:
Yes :Create and modify equipment, modify and apply the schedules
No :Delete equipment or schedules, manage them users
On Building C:
Yes :View data and export reports
No :Any modification
Example 3: Organization Administrator
User :Pierre Administrator
– Nexelec organization: Administrator
– No explicit site permission
Possible actions:
Yes :Access to all sites, create/modify/delete any equipment, manage all users, create new sites, all actions on all sites
Special Cases
API keys
API keys have independent permissions. users:
– May be limited to certain sites
– May have specific permissions (read only, writing)
– Do not follow organization/site hierarchy
– Defined when creating the key
Standard Profiles
Standard profiles apply combinations predefined:
Profile | Typical Permissions |
Administrator | Owner Organization |
Administrator | Manager on assigned sites |
Technician | Can edit on assigned sites |
Occupant | Read only on assigned sites |
Important Notes
Inheritance of permissions:Permissions of a parent site are inherited by child sites.
Hierarchy :Read only < Can edit < Manager
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article