Permissions

Every iModelHub operation requires that user would be authorized to perform it. iModelHub uses Role Based Access Control (RBAC) service to manage authorization. RBAC allows to create roles with a chosen set of permissions. Every user can be assigned one of these roles. RBAC permissions are configured per Project. You can access RBAC permissions management through CONNECT portal.

iModelHub uses 6 permissions:

  1. Create iModel
  2. Delete iModel
  3. Read iModel
  4. Modify iModel
  5. Manage iModel Resources
  6. Manage iModel Versions

Create iModel

Permissions automatically included: Read iModel, Modify iModel

Create iModel permission allows creating iModels. See IModelDb.create and IModelHandler.create.

Delete iModel

Permissions automatically included: Read iModel

Delete iModel permission allows deleting iModels. See IModelHandler.delete.

Read iModel

Read iModel permission is required for every single iModelHub operation. It is automatically granted when giving any other iModelHub permission.

User that only has Read iModel permission can work with iModel, but they will be unable to make any changes to it. It means that users with this permission will be able to send all query requests. In addition to that, they will be able to acquire and download Briefcases and pull ChangeSets. See IModelDb.open and IModelDb.pullAndMergeChanges.

Modify iModel

Permissions automatically included: Read iModel

Modifiy iModel permission allows making changes to the iModel. It means that users will be able to manage their own HubCodes and Locks and push their ChangeSets to iModelHub. See concurrency control and IModelDb.pushChanges.

Manage iModel Resources

Permissions automatically included: Read iModel, Modify iModel

Manage iModel Resources permission allows managing HubCodes and Locks for the entire iModel. It means that they will be able to modify and relinquish Codes and Locks that belong to other users. Modifying resources that are owned by other users is not recommended, as it could cause conflicts.

Manage iModel Versions

Permissions automatically included: Read iModel, Modify iModel

Manage iModel Versions permission allows creating and modifying Named Versions. See VersionHandler.create.

Last Updated: 08 January, 2020