User and Role Management


Users and Roles

Introduction

Access permissions within iTwin Experience and the iTwin platform are managed through Bentley's Identity Management Service (IMS) and Role Based Access Control (RBAC). To access an iTwin within iTwin Experience, a user must be granted access to that iTwin by an admin and must be given an associated role, which determines the user's permissions and access level.

If an agency manages multiple iTwins, it is recommended to create and configure enterprise roles, which can then be reused across many iTwins within the system. Roles can also be created and configured on individual iTwins if desired.

The relevant role access permissions are shown in the table below. In order to utilize all capabilities within iTwin Experience your users will need to have a role which includes these access permissions:

Permission Group       | Permission
General Administration | Create New iTwin
Reality Data           | Assign, Create, Manage, Use
iModelHub              | View/Read/Write/Manage
ProjectWise Forms      | Create, View, Comment, Approve, Modify, Delete Forms, Manage Forms

The role permissions can be granted to a single role or spread across multiple roles depending on the needs of your account.

NOTE: The "Team Member" role included by default in all organizations does not include the required permissions to complete iTwin Experience workflows.

iTwin - Users & Roles granting

The Users and Roles page is where you grant users access to your iTwin (portfolio/asset/project).

By default, no user or role is assigned to the active iTwin except its owner, that is, the person who created the iTwin.

 

Adding Users

You can add users to your iTwin by clicking the '+ Add User(s)' button. You can add people by name if they are in your organization, or by email if they are outside it.

Once you've added the required users and assigned them the appropriate role, click the Add button. Each person will receive an email notification.
You can also assign the "Owner" role to the selected user by enabling the toggle. The "Owner" role gives full access to the iTwin.

 

Import Users

You can also import a user list using a CSV file. The file must have the email address in the first column and the role in the second. You can click on the "Download CSV template file" button to download the template.

The CSV file that contains the user details can be dropped into the central section of the dialog, or you can click "Choose a file" to navigate to the file location. Once the file is selected, click the Upload button.
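A pre-upload check for the import file described above, as an added example that is not part of the original page or of Bentley's tooling. It enforces the two-column layout (email, then role) and rejects any role outside an allow-list, so a bulk import cannot grant broader access than intended. The header-row handling, the choice of roles approved for import, and the example.org domain are assumptions.

```python
import csv
import io
import re

# Role names come from this page; approving exactly these for import is an assumption.
APPROVED_ROLES = {"Reality Data Manager", "Reality Data User", "Inspection Team Member"}
EMAIL_RE = re.compile(r"^[^@\s,;]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")

def lint_user_csv(text, org_domain):
    """Return (rows, findings) for a CSV with email in column 1 and role in column 2."""
    rows, findings, seen = [], [], set()
    for n, rec in enumerate(csv.reader(io.StringIO(text)), start=1):
        cells = [c.strip() for c in rec]
        if not any(cells):
            continue  # ignore blank lines
        if n == 1 and "@" not in cells[0]:
            continue  # assumed header row from the template
        if len(cells) != 2:
            findings.append((n, "error", f"expected 2 columns, found {len(cells)}"))
            continue
        email, role = cells[0].lower(), cells[1]
        if not EMAIL_RE.match(email):
            findings.append((n, "error", "first column is not an email address"))
            continue
        if role not in APPROVED_ROLES:
            findings.append((n, "error", f"role {role!r} is not approved for import"))
            continue
        if (email, role) in seen:
            findings.append((n, "warn", "duplicate email/role pair"))
            continue
        seen.add((email, role))
        if not email.endswith("@" + org_domain.lower()):
            # External users are allowed, but each one deserves a second look.
            findings.append((n, "warn", "address is outside the organization"))
        rows.append((email, role))
    return rows, findings

# Constructed sample input (not real users).
SAMPLE = """email,role
alice@example.org,Reality Data User
bob@partner.example.net,Inspection Team Member
carol@example.org,Owner
dave@example.org,Team Member
alice@example.org,Reality Data User
not-an-email,Reality Data User
erin@example.org,Reality Data Manager,extra
"""

if __name__ == "__main__":
    accepted, issues = lint_user_csv(SAMPLE, "example.org")
    for line_no, level, msg in issues:
        print(f"line {line_no}: {level}: {msg}")
    print(f"{len(accepted)} row(s) ready for upload")
```

Rows reported as errors are dropped from the returned list; rows with only a warning are kept so a reviewer can confirm them before uploading.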

 

Modify Roles

You can assign different roles to different users. Multiple roles can be assigned to a user.

Select one or more users from the list by clicking the check box next to their names. Then click the "Manage roles" button.

Select the appropriate role and click "Save changes". Note that you can also revoke a role at any time.

 

How to create and configure roles

The following actions must be performed by the Account Administrator.

How to create roles

1. Go to the Subscription Services Portal.

2. Click the "Roles and Permissions" tile.

3. This opens the Enterprise Role Management page. Click the "Define Roles" button.

4. To create a new role, click the "New Role" button.

5. A popup dialog box opens.

 

Create "Reality Data Manager" role:

1. To create the new "Reality Data Manager" role, enter the required details as shown in the snapshot below. Then click the "Save" button.

2. After you click "Save", the screen below is displayed. To add permissions to this role, click "Reality Data" under "Service Access and Permissions".

3. Click "Select All", then click the "Save" button.

Create "Reality Data User" role:

1. To create the new "Reality Data User" role, enter the required details as shown in the snapshot below. Then click the "Save" button.

2. After you click "Save", the screen below is displayed. To add permissions to this role, click "Reality Data" under "Service Access and Permissions".

3. Select the "Assign" and "Use" permissions, then click the "Save" button.

Create "Inspection Team Member" role:

1. To create the new "Inspection Team Member" role, enter the required details as shown in the snapshot below. Then click the "Save" button.

2. After you click "Save", the screen below is displayed. To add permissions to this role, click "iModelHub", "Reality Data" and "ProjectWise Forms" under "Service Access and Permissions".

3. Select "View/Read/Write/Manage" from the "iModelHub" section.

4. Select "Select All" from the "Reality Data" section.

5. Select "Create" from the "ProjectWise Forms" section, then click the "Save" button.

How to add a user and assign a role to the user

1. Go to the Subscription Services Portal.

2. In the Resources section, click the "User Management" tile.

3. On the "User Management" page, click the "Add User" button.

4. The "Add User" dialog box opens. Fill in the required details, then click the "Save" button.

5. Once the user is added, go back to the Subscription Services Portal and click the "Roles and Permissions" tile.

6. Search for the newly created user. Select the user, then click the "Modify Role(s)" button.

7. Select the previously created role and click the "Review" button.

Note: Roles can be assigned in combination, for example a custom role together with an enterprise role.

8. Click the "Submit" button.