Overview
User management in RealityPlatform controls who can reach your organization’s content and what they can do with it. This overview explains the access model. The rest of this section covers each piece in detail.
Two questions: access and permissions
Every authorization decision answers two separate questions:
- Access (where) determines which parts of the content hierarchy a user can reach (divisions, sites, files, and the products tied to them).
- Permissions (what) determine which actions a user can perform there (view, create, edit, delete, publish, download, manage access, and so on).
A user can have access to an item but still be blocked from an action if their role does not include the matching permission.
Content is organized as a hierarchy
Content follows your organization’s structure as a tree: Organization → Division → Site → Files. Access granted on a parent is inherited by everything beneath it.
- Grant access at the Division level, and the user reaches every Site and File inside it.
- Remove access higher up, and it is removed everywhere below.
- Nothing leaks sideways: without an explicit or inherited grant, content stays invisible.
You can refine inherited access with nested context (for example, allow a Site but restrict the user to RealityTwin only). See Roles & Permissions for details.
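The two questions and the inheritance rule can be modeled as a deny-by-default check. This is an added illustration, not RealityPlatform code or its API. The node names, the `viewer` and `editor` role names, and the data layout are assumptions, and the model takes the nearest grant and ignores nested context and role stacking.

```python
# Illustrative model only: node names, role names and data layout are assumptions.
PARENT = {  # child -> parent, following Organization -> Division -> Site -> File
    "div-east": "org",
    "div-west": "org",
    "site-a": "div-east",
    "site-b": "div-west",
    "scan-1.e57": "site-a",
    "scan-2.e57": "site-b",
}

ROLE_PERMISSIONS = {  # hypothetical content roles mapped to actions named on this page
    "viewer": {"view", "download"},
    "editor": {"view", "download", "create", "edit"},
}


def inherited_grant(grants, user, node):
    """Access (where): nearest grant at or above node as (granting_node, role), else None."""
    while node is not None:
        role = grants.get((user, node))
        if role is not None:
            return node, role
        node = PARENT.get(node)  # walk up only; sibling branches are never consulted
    return None


def authorize(grants, user, node, action):
    """Answer both questions in order; anything not granted is denied."""
    found = inherited_grant(grants, user, node)
    if found is None:
        return False, "no access: no explicit or inherited grant"
    granted_at, role = found
    # Permissions (what): access alone is not enough, the role must include the action.
    if action not in ROLE_PERMISSIONS.get(role, set()):
        return False, f"access via {granted_at}, but role '{role}' lacks '{action}'"
    return True, f"allowed via {granted_at} as '{role}'"


if __name__ == "__main__":
    grants = {("alice", "div-east"): "viewer"}  # constructed sample grant
    checks = [("scan-1.e57", "view"), ("scan-1.e57", "edit"), ("scan-2.e57", "view")]
    for node, action in checks:
        print(node, action, authorize(grants, "alice", node, action))
    del grants[("alice", "div-east")]  # remove access higher up
    print("after removal:", authorize(grants, "alice", "scan-1.e57", "view"))
```

Logging the returned reason alongside each decision makes it easy to tell a missing grant from a missing permission when reviewing why a user was blocked.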
Roles come in two kinds
- Administrative roles control settings and governance (users, groups, permissions, SSO, subscription). A user has at most one.
- Content roles control what a user can do on content and products (RealityTwin, RealityPlan, 3D Data Viewer). These are what get assigned across the hierarchy.
See Roles & Permissions for the full model, including role stacking and customization.
How access gets assigned
You grant content access in two ways:
- Directly to a user when inviting or editing them.
- Through the share modal on a division, site, or file, to a user or a whole group.
Groups let you assign access once and apply it to many users at scale, and can be mapped from your identity provider through SSO.
Where to go next
- Roles & Permissions — the access and permission model in detail
- Users — invite, review, and manage individual users
- Groups — manage access at scale
- Sharing — provision access from the share modal
- Single Sign-On (SSO) — federated login and group mapping