Group Roles and Permissions
Roles define the permissions that are assigned to Account users and determine what they can see and do. Roles are granted on a group-by-group basis.
A single Account user can have a different role in each group they have access to. An Account user’s role in the All devices group acts as their most basic role throughout the entire organization. For example, if an Account user has a resolve-only role in the All devices group, they can see the organization’s devices and resolve alerts on every device. They can also be given higher-access roles in other groups, where they might be able to manage or edit specific devices.
The available Blackline Live roles are:
| Organization admin |
This role includes the highest level of permissions and should be appointed to users that are responsible for the organization’s device fleet. Users with this role can see and edit all resources in their Blackline organization. They can edit organization-wide information and settings and can create and manage relationships with other organizations. Users with this role can also view the sensor readings and analytics for all devices in their organization. This role can only be applied to the All devices group, since it represents the entire organization. |
| Organization assistant |
This role supports the Organization admin role. A user with this role can manage devices, team members, profiles, groups, and organization details, but cannot request or manage relationships with other organizations. They can also view sensor readings and analytics for devices in the groups they have access to. This role does not have access to maps unless resolving an alert. |
| Group admin |
This role should be given to users who manage a group. Depending on the criteria you are using to create your groups, this might be a site manager or a team lead. Users with this role can edit the groups they have this role in, as well as any devices within it. They can also view sensor readings and analytics for the groups they have access to. Users with Group admin access to the All devices group can also make any change to team members in the organization, including giving or revoking Blackline Live access, or changing what groups or roles they have access to. |
| Fleet admin |
This role is meant to give permissions for management of the devices only within the user’s fleet. A user with this role can assign devices, manage mass notifications, and resolve alerts. In the groups they have this role in, users can also view sensor readings and analytics for devices. This role does not have access to maps unless resolving an alert. |
| Device admin |
This role should be given to users who manage device fleets within the groups they have access to. Account users with this role can rename devices or assign them to team members and are able to monitor and respond to online devices. They can also view sensor readings and analytics for devices in the groups they have access to. |
| Contact admin* |
This role is meant for users that assign devices to workers. Users with this role can access the devices, team members, and quick assign pages to make device assignments. The Contact admin role is like the Device admin role, with the exception that their access to pages in Blackline Live is limited. While they can still manage and assign devices, they cannot see the Maps page, the configuration or alert profiles, accessories or Analytics, and they cannot resolve alerts on devices. |
|
Contact admin (No repair) | This role is meant for users that assign devices to workers. Users assigned to this role have the same permissions as the Contact admin role but cannot mark devices as under repair. |
| Resolve only |
This role is meant for monitoring agents. Users can see information in the organization but can only investigate and resolve alerts. A user with the Resolve only role can acknowledge alerts and leverage the Alerts Management page to review emergency response protocols, assess the device’s current location and status, contact device users and emergency contacts, and leave notes regarding the investigation of the event. They can also view the Sensor readings page. |
| Emergency response admin |
This role is meant for a monitoring administrator. Users can respond to alerts but in a more limited way than the Resolve only role. A user with this role can only access alert management pages and the Mass notifications page. This role does not have access to maps unless resolving an alert. |
| Emergency Responder* | Users with the Emergency responder role have the same monitoring and alert resolution permissions as users with the Resolve only role. However, they are not permitted to view all the resources in the organization, such as team members, devices, configurations, alert profiles, and analytics. Any information that is required for alert investigation and resolution, is made available to the user through the Alert management page, the Maps page, and the Sensor readings page. |
| Compliance |
This role is meant to monitor the compliance of their device fleet. A user with this role only has access to the Compliance dashboard page and the Mass notifications page. |
| View only | The View only role allows an Account user to see the resources within an organization, but they cannot edit or manage any of them. They can view alerts but cannot acknowledge or resolve them. They can also view the Sensor readings page. |
| Analytics only* | Users with the Analytics only role can only view the Blackline Analytics page and the reports listed there. They cannot see the maps, alert management pages, or resource pages. |
*This role is only available for groups within the Account user’s organization. It cannot be used when creating a relationship to share group access with another organization.
Team members are not considered to be grouped resources. An Account user requires either a Contact admin, Device admin, Group admin, or Organization admin role in the All devices group to add and edit team members.
Refer to the following table to see the permissions included with each role.
* To create and edit team members or assign devices to team members, an account user needs access to the All devices group.
