Permissions in ObservV
ObservV uses a role-based permission model that operates at three levels:
- Global roles – organization-wide permissions
- Property roles – permissions within specific properties
- Project roles – permissions within specific projects
A user may hold roles at one or more of these levels at the same time.
Global Roles
Global roles control what a user can do across the entire organization.
How Global Roles Work
Global roles are hierarchical and nested:
- Roles are ordered by seniority, with the most senior roles at the top
- Senior roles automatically inherit the permissions of all lower roles, except for Global Uploaders, who are not sponsors of Global Vierers or Sponsors of any roles
- A sponsoring role always retains the full permission set of the roles it sponsors
Global Role Hierarchy (Most to Least Senior)
- Account Owner
- Global Account Manager
- Global Team Manager
- Global Content Manager
- Global Uploader
- Global Viewer
NOTE: Global Upladers cannot sponsor Global Viewers
Global Role Permissions
Permission | Account Owner | Global Acount Manager | Global Team Manager | Global Content Manager | Global Uploader | Global Viewer |
| Manage subscription & data services | ✓ | |||||
| Invite users | ✓ | ✓ | ✓ | |||
| Allocate global roles | ✓ | ✓ | ✓ | ✓ | ||
| Manage properties | ✓ | ✓ | ✓ | ✓ | Optional | |
| Manage floors & hotspots | ✓ | ✓ | ✓ | ✓ | Optional | |
| Manage tours & markers (org-wide) | ✓ | ✓ | ✓ | ✓ | Optional | |
| Create / manage projects | ✓ | ✓ | ✓ | Optional | ||
| View sensitive photos | ✓ | ✓ | ✓ | ✓ | Optional | |
| Upload photos | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Edit own content | ✓ | ✓ | ✓ | ✓ | Own (24 hrs) | |
| Edit others’ content | ✓ | ✓ | ✓ | ✓ | ||
| Trash content | ✓ | ✓ | ✓ | ✓ | Own (24 hrs) | |
| Delete trash | ✓ | ✓ | ||||
| Restore trash | ✓ | ✓ | ✓ | ✓ | ||
| Comment | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Remove redactions | ✓ | ✓ | ||||
| Delete unredacted originals | ✓ | ✓ |
Adding Users to Global Roles
- Users can normally add other users only into lower-level roles
- Global Uploaders are not sponsors of Global Viewers (both must be sponsored by Global Content Managers or above)
- Exception: Account Owners can add other Account Owners
- Users may add users multiple levels below their own role
- Intermediate roles do not need to be assigned
Skipping Global Role Levels
Organizations may choose not to use one or more Global Role levels (for example, skipping Global Account Manager, Global Team Manager roles or Global Content Manager Roles).
This enables:
- Centralized governance
- Reduced operational risk
- Clearer accountability
Users With No Global Role
Users with only property roles and no Global role are considered to have no global role.
They:
- Have no organization-wide permissions
- Operate only within assigned properties
- Can be used for contractors or external collaborators
Property Roles
Property roles define permissions within a specific property.
Property Role Types
- Property Content Manager
- Property Uploader
- Property Viewer
A user can hold multiple property roles, including across different properties.
Property Role Permissions
Permission | Property Content Manager | Property Uploader | Property Viewer |
| Allocate property roles | ✓ | ||
| Manage property | ✓ | Optional | |
| Manage floors & hotspots | ✓ | Optional | |
| Manage tours & markers | ✓ | Optional | |
| Create / manage projects | ✓ | Optional | |
| View sensitive photos | ✓ | Optional | |
| Upload photos | ✓ | ✓ | |
| Edit own content | ✓ | Own (24 hrs) | |
| Edit others’ content | ✓ | ||
| Trash content | ✓ | Own (24 hrs) | |
| Restore trash | ✓ | ||
| Comment | ✓ | ✓ | ✓ |
Property Role Governance
- Property roles are not sponsored by Global roles in a 1:1 nested way
- Any Global Team Manager or above can change any property role
- Where multiple Property Content Manager roles exist:
- Each represents a separate branch
- Users in one branch cannot change roles in another branch
- Global Team Managers (or above) can manage all branches
- Global Team Managers (or above) can manage Property Uploader and Property Viewer branches
- Similar to Global Roles, Property Uploaders are not sponsors to Property Viewer roles
External Users and Property Roles
External users:
- Can be assigned property roles
- Can hold multiple property roles
- Cannot be assigned Global roles
- May hold property roles across multiple external organizations
Project Roles
Project roles define permissions within a specific project.
Project Role Types
- Project Manager
- Project Team Leader
- Project Uploader
Project Role Permissions
Permission | Project Manager | Project Team Leader | Project Uploader |
| Add internal users | ✓ | ✓ (uploaders only) | |
| Add external users | ✓ | ✓ (uploaders only) | |
| Edit project roles | ✓ | ||
| Edit project details | ✓ | ||
| Add / remove hotspots | ✓ (If also Property Content Manager Only) | ||
| Upload photos | ✓ | ✓ | ✓ |
| Comment | ✓ | ✓ | ✓ |
| View project content | ✓ | ✓ | ✓ |
Adding Users to Projects
- Users can normally add other users only to lower-level roles
- Exception: Project Managers can add other Project Managers
- Users may add users multiple levels below their own role
- Intermediate roles do not need to be assigned
- Project Managers and Team Leaders can be Externals, and they can add Externals to roles
Summary
- Global roles are hierarchical and inherit permissions
- Property and Project roles are scoped and independent
- Users can hold multiple roles across scopes
- External users cannot hold Global roles
- Global Team Managers (or above) can manage all property roles
- Global Content Managers (or above) can manage Uploader and Viewer property roles
- Multiple Property Content Manager roles form independent branches