Role Model

Atrium uses a role-based access control model with three roles. Each role has a defined set of capabilities, scoped by tenant and site.

Roles at a glance

| Role | Scope | Primary purpose |
|---|---|---|
| Tenant-Admin | Entire tenant (all sites) | Full system administration — users, sites, IdP configuration, tenant settings. |
| Site-Admin | One or more assigned sites | Site operations — document templates, kiosk management, network configuration, visitor management. |
| Member | One or more assigned sites | Daily visitor operations — invite visitors, receive arrival notifications, view own visitors. |

Tenant-Admin

Tenant-Admins have unrestricted access across all sites in the tenant. They are the primary administrators who set up and configure the system.

What Tenant-Admins can do:

  • Create and configure sites.
  • Create, edit, and deactivate user accounts.
  • Assign roles and site access to users.
  • Configure identity provider settings (built-in IdP or external OIDC).
  • Manage tenant-wide settings.
  • Provision and revoke kiosk tablets at any site.
  • Manage document templates at any site.
  • Configure the Atrium Agent at any site.
  • View and manage visitors at any site.
  • Access the audit log.
  • View license status and entitlements.

Every tenant must have at least one Tenant-Admin. During initial setup, a default Tenant-Admin account is created.

Site-Admin

Site-Admins manage the day-to-day operations of one or more specific sites. They can configure everything within their assigned sites but cannot access tenant-wide settings or other sites.

What Site-Admins can do:

  • Manage document templates for their sites (create, edit, version, assign).
  • Register and revoke kiosk tablets for their sites.
  • Configure network settings (Atrium Agent) for their sites.
  • View and manage all visitors at their sites.
  • Pre-register visitors at their sites.
  • View agent connection status for their sites.

What Site-Admins cannot do:

  • Access sites they're not assigned to.
  • Create or manage user accounts.
  • Change tenant-wide settings.
  • Configure identity providers.
  • Manage users with equal or higher roles.

Member

Members are the standard user role — typically employees who invite visitors and act as hosts. Their access is focused on the visitor workflow.

What Members can do:

  • Pre-register (invite) visitors to their assigned sites.
  • View their own visitors' status and history.
  • Receive notifications when their visitors check in.
  • Act as a host for visits.

What Members cannot do:

  • View other users' visitors.
  • Access admin functions (settings, user management, template management).
  • Configure kiosks or network settings.

The host function

"Host" is not a role — it's a function that any authenticated user performs when they invite a visitor. Every visit has exactly one host. The host:

  • Is notified when their visitor checks in.
  • Can view and manage their visitor's visit status.
  • Appears on the visit record and in the visitor's pre-registration email.

A Tenant-Admin hosting a visitor and a Member hosting a visitor have the same host experience. The difference between roles only affects what else they can access in the system.

Role assignment

Roles are assigned by Tenant-Admins when creating or editing user accounts. A user has exactly one role. Role changes take effect on the user's next login (existing sessions continue with the previous role until the token expires or is refreshed).
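
The sketch below is an added example, not Atrium's own code. It models the role matrix above as a deny-by-default check evaluated from session token claims, and shows that a token issued before a role change keeps the previous role. The action names, the `Claims` shape, and the sample users and sites are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical action names: the page does not list Atrium's permission identifiers.
TENANT_ONLY = {"manage_users", "configure_idp", "tenant_settings", "create_site", "view_audit_log"}
SITE_ADMIN = {"manage_templates", "manage_kiosks", "configure_agent", "view_all_visitors"}
MEMBER = {"invite_visitor", "view_visit"}


@dataclass(frozen=True)
class Claims:
    """Role and site scope captured in a session token at login (assumed shape)."""
    sub: str
    role: str  # "tenant-admin", "site-admin" or "member"
    sites: frozenset = frozenset()


def is_allowed(claims, action, site=None, host=None):
    """Decide from token claims alone; `host` is the visit's host user id."""
    if claims.role == "tenant-admin":
        # Unrestricted across all sites in the tenant.
        return action in TENANT_ONLY | SITE_ADMIN | MEMBER
    if action in TENANT_ONLY or site is None or site not in claims.sites:
        # Tenant-wide functions and unassigned sites are out of scope.
        return False
    if claims.role == "site-admin":
        return action in SITE_ADMIN | MEMBER
    if claims.role == "member":
        # Members may invite, and may view only visits they host.
        return action == "invite_visitor" or (action == "view_visit" and host == claims.sub)
    return False  # unknown role: deny by default


if __name__ == "__main__":
    # Constructed sample users and sites.
    alice = Claims("alice", "site-admin", frozenset({"berlin"}))
    bob = Claims("bob", "member", frozenset({"berlin"}))
    print(is_allowed(alice, "manage_kiosks", site="berlin"))           # assigned site
    print(is_allowed(alice, "manage_kiosks", site="munich"))           # unassigned site
    print(is_allowed(bob, "view_visit", site="berlin", host="alice"))  # not bob's visitor
    # Alice is demoted to Member, but her existing token still carries the old role
    # until it expires or is refreshed, so the check keeps granting site-admin actions.
    print(is_allowed(alice, "manage_templates", site="berlin"))
```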

For details on managing users, see User Management.