Permissions

Every iModelHub operation requires that user would be authorized to perform it. iModelHub uses Role Based Access Control (RBAC) service to manage authorization. RBAC allows to create roles with a chosen set of permissions. Every user can be assigned one of these roles. RBAC permissions are configured per ITwin. You can access RBAC permissions management through this portal.

iModelHub uses 4 permissions:

Create iModel

Permissions automatically included: Read iModel, Modify iModel

Create iModel permission allows creating iModels. See BackendHubAccess.createNewIModel.

Delete iModel

Permissions automatically included: Read iModel

Delete iModel permission allows deleting iModels. See BackendHubAccess.deleteIModel.

Read iModel

Read iModel permission is required for every iModelHub operation. It is automatically granted when giving any other iModelHub permission.

User that only has Read iModel permission can work with iModel, but they will be unable to make any changes to it. It means that users with this permission will be able to send all query requests. In addition to that, they will be able to acquire and download a Briefcase and pull Changesets. See BriefcaseDb.open and BriefcaseDb.pullChanges.

Modify iModel

Permissions automatically included: Read iModel

Modify iModel permission allows making changes to the iModel. It means that users will be able to manage Locks and push Changesets to iModelHub. See concurrency control and BriefcaseDb.pushChanges.

Last Updated: 30 November, 2023