Access Control

MeetBit uses Role-based Access Control (RBAC) to manage access within the platform. This section explains the concepts that determine the access Users have within the admin panel.

Most concepts here also apply to MeetBit Public API Clients. Roles can also be assigned to them to control each client's access level.

Role-Based Access Control

All access that Users have is provided via Roles. Permissions can only be provided directly to Roles and not Users. You can assign Roles to Users when you create or update Users. You can also provide and revoke permissions from Roles when you create or update Roles.

Departmental Scope

Permissions that appear to provide access to all resource IDs, like the example below, are actually scoped to the User's own Department.

Figure: Permissions for Meeting Links

This means that a User from the "Asia-Pacific Sales" Department with a Role that allows them to read all Meeting Links actually can only read Meeting Links that also belong to the "Asia-Pacific Sales" Department. They cannot see Meeting Links from other Departments and Users from other Departments cannot see their Meeting Links.

Since Clients don't belong to any Department, they are not affected by Department scopes. If their Roles allow them to read all Meeting Links, then they can read all Meeting Links from all Departments.

Global Department

The Global Department is a special Department: it provides its Users access to the resources of all Departments, while other Departments don't have access to the Global Department's resources.

Additionally, resources that don't belong to any Department are only accessible to Users of the Global Department. These include:

  • Departments

  • Roles

  • Domains

  • Branding

  • Legal Information

  • Settings

  • Contracts

  • Invoices

  • Usage

  • Clients

  • Providers

Some resource objects are not owned by one particular Department nor are they restricted to the Global Department. These resource objects can be accessed by any User with a Role that allows them to do so. These include:

  • Notifications

  • Performance Analytics

  • Activities

Access to Performance Analytics and Activities depends on the subject.

Page Designs are a special case. They belong to specific Departments, but Users of non-global Departments have read access to the Page Designs of the Global Department (as long as their Role permits them to).

Access To Owned Resources

Some resources can be owned by a specific User. These include:

  • Connected Accounts

  • Calendars

  • Online Conference Accounts

  • Events

  • Online Conferences

  • Online Conference Recordings

  • Chat Rooms

  • Exports

However, owning a resource does not automatically give the User access to it. To gain access, their Role must allow it.

Figure: Own Permissions for Online Conferences

Access of Participants

Events and Conference Rooms are resources that have "participants". If a User is an attendee of an Event or an attendee of a Conference Room, they automatically gain the permission to read the Event or Conference Room they are an attendee of.

This is the only type of access that is automatically provided to Users and is not controlled via Roles.

Side Effects

The above concepts also influence the functionality of other features, often unrelated to each other. This is because a User's ability to select options is likewise constrained by these concepts.

For example, although a User's Role allows them to read performances, they can only view performances for Meeting Links, Forms, and Events accessible to them according to their Role-based permissions, Department, and Direct permissions.

For a much clearer example, let's consider the following:

  • User A belongs to Department B with Role C.

  • Role C only allows Users to read all Meeting Links and read Performances.

  • User A has direct permissions to read Meeting Link D which belongs to the Global Department.

When User A opens the Performance page, the following is true:

  • They can generate performance charts of all Meeting Links belonging to Department B.

    • These charts do not include data from other Departments.

  • They can generate performance charts for Meeting Link D.

  • They cannot generate charts for Forms or Events.
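The scenario above can be checked against a small model of the rules on this page. This is an added example, not MeetBit's own code: the names Resource, Principal, can and chartable, the permission tuples, and the sample IDs are all hypothetical, and it assumes a direct permission is sufficient on its own. It covers Department-owned resources only, not the Page Design or participant exceptions.

```python
from dataclasses import dataclass, field
from typing import Optional

GLOBAL = "Global"  # assumed name for the Global Department

@dataclass(frozen=True)
class Resource:
    kind: str                  # e.g. "meeting_link", "event"
    id: str
    department: Optional[str]  # owning Department

@dataclass
class Principal:
    role_perms: set                   # {(action, kind)} granted through Roles
    department: Optional[str] = None  # None models an API Client
    direct: set = field(default_factory=set)  # {(action, kind, id)}

def can(p: Principal, action: str, r: Resource) -> bool:
    """Role permission first, then Department scope; direct grants are per ID."""
    if (action, r.kind, r.id) in p.direct:
        return True
    if (action, r.kind) not in p.role_perms:
        return False
    # Clients have no Department, and Global Users see every Department.
    if p.department is None or p.department == GLOBAL:
        return True
    return r.department == p.department

def chartable(p: Principal, resources: list) -> list:
    """Side effect: performance charts are limited to readable subjects."""
    if ("read", "performance") not in p.role_perms:
        return []
    return [r.id for r in resources if can(p, "read", r)]

# Constructed sample data mirroring the User A / Department B / Role C example.
RESOURCES = [
    Resource("meeting_link", "ml-b1", "B"),
    Resource("meeting_link", "ml-x1", "Asia-Pacific Sales"),
    Resource("meeting_link", "D", GLOBAL),
    Resource("event", "ev-b1", "B"),
]
ROLE_C = {("read", "meeting_link"), ("read", "performance")}
USER_A = Principal(ROLE_C, "B", {("read", "meeting_link", "D")})
CLIENT = Principal({("read", "meeting_link")})  # API Client, no Department

if __name__ == "__main__":
    print(chartable(USER_A, RESOURCES))  # ['ml-b1', 'D']
    print([r.id for r in RESOURCES if can(CLIENT, "read", r)])
```

In this model the Client reads Meeting Links from every Department with the same Role permission that limits User A to Department B, which is why Client Roles warrant the same review as Global Department membership.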
