Permissions
Every iModelHub operation requires that user would be authorized to perform it. iModelHub uses Role Based Access Control (RBAC) service to manage authorization. RBAC allows to create roles with a chosen set of permissions. Every user can be assigned one of these roles. RBAC permissions are configured per ITwin. You can access RBAC permissions management through this portal.
iModelHub uses 4 permissions:
Create iModel
Permissions automatically included: Read iModel, Modify iModel
Create iModel permission allows creating iModels. See BackendHubAccess.createNewIModel.
Delete iModel
Permissions automatically included: Read iModel
Delete iModel permission allows deleting iModels. See BackendHubAccess.deleteIModel.
Read iModel
Read iModel permission is required for every iModelHub operation. It is automatically granted when giving any other iModelHub permission.
User that only has Read iModel permission can work with iModel, but they will be unable to make any changes to it. It means that users with this permission will be able to send all query requests. In addition to that, they will be able to acquire and download a Briefcase
and pull Changesets
. See BriefcaseDb.open and BriefcaseDb.pullChanges.
Modify iModel
Permissions automatically included: Read iModel
Modify iModel permission allows making changes to the iModel. It means that users will be able to manage Locks
and push Changeset
s to iModelHub. See concurrency control and BriefcaseDb.pushChanges.
Last Updated: 30 November, 2023