User, Role & Access Management
KpiX provides fine-grained, multi-tenant access control so every user sees exactly what they need - nothing more, nothing less.
User Management
- Create, edit, and deactivate users within any application
- Platform-wide user listing for administrators managing multiple tenants
- Guest user registration - limited, token-based read-only access for external stakeholders (e.g., customer portals)
Role-Based Access Control (RBAC)
Roles define what a user can do. KpiX supports:
- Built-in roles - Administrator, Operator, Viewer out of the box
- Custom roles - create fully custom roles with API-level privilege assignments
- Update role privilege mappings at any time without disrupting active users
User Groups
Organise users into named groups for efficient bulk management:
- Assign a group to a hierarchy node - everyone in the group inherits that scope
- Route notification rules to entire groups
- Ideal for site teams, shift crews, or customer accounts
Hierarchy-Scoped Access
Connect users to specific levels of your organisational hierarchy:
Organisation → Site → Building → Floor → Zone → Asset
A user bound to "Site A, Building 2" only sees assets in that building. They cannot view, query, or control anything outside their scope - enforced at the API level.
Multi-Application Management
KpiX supports multiple isolated applications (tenants) within a single platform instance:
- Each application has its own users, roles, assets, and data
- Platform-level administrators can manage and audit across all applications
- Ideal for OEMs managing multiple customer environments from one platform
Key Benefits
- Least-privilege by default - users only access what their role and scope permit
- Custom roles - no rigid permission tiers; build exactly the access model you need
- Hierarchy-scoped - geographic and organisational access boundaries enforced at API level
- Multi-tenant - one platform instance, many isolated customer environments
See also: Security for authentication, and Audit for tracking who did what.