Skip to main content
All CollectionsAccess Control
Roles and Permissions for Access Control
Roles and Permissions for Access Control

Learn about roles that define a user's access control permissions in Verkada Command

Updated over a week ago

This article describes the set of roles and associated permissions for Verkada Access Control. For an in-depth explanation of roles and permissions for other Verkada products, see Roles and Permissions for Command users for an in-depth explanation of the features and configurations available for overall Verkada Command usage and administration.


There are two sets of roles that define a given user’s permissions to view and manage access control within Command:

  • Access Control Role. This role is set at the org level and can be set to Access Control Member, Access Control Manager, or Access Control Admin.

  • Access Site Admin. This role is set at the site level and can be turned on or off for each site. In order for a user to be an Access Site Admin of any site, their Access Control Role must be set to either Access Control Manager or Access Control Admin.

See below to learn more about the specific permissions granted to a user given their combination of Access Control Role and sites for which they are an Access Site Admin.

Access Control Role

At a high level, these are the permissions granted to each level of Access Control Roles:

Access Control Member

A user with their org-level Access Control Role set to Access Control Member has no access control administrative permissions. They are not able to be a Site Access Admin for any sites. This user can only unlock doors that they have been given access to, using the credentials and unlock mechanisms that have been granted to them (for example, badge, Bluetooth unlock via Verkada Pass).

Access Control Manager

A user with their org-level Access Control Role set to Access Control Manager can:

  • Unlock the doors they have been given access to, using the credentials and unlock mechanisms that have been granted for them (for example, badge, Bluetooth unlock via Verkada Pass). This is the same as an Access Control Member.

  • View, add, suspend, and edit access users, including updating user information (when the information is not synced via SCIM), granting and suspending access, and adding and deleting credentials.

  • View, add, delete, and edit access groups (for groups that are not synced via SCIM), including adding users to and removing users from groups.

  • View, edit, and delete buildings.

  • View, edit, delete, and add floors within buildings.

  • If you are an Org Admin, view the descriptions of and delete saved event reports created by other users.

For the sites that an Access Control Manager is an Access Site Admin of, they can:

  • View and unlock doors.

  • Change the schedule for a door to a door schedule that has already been created.

  • To a door, add a door schedule exception that has already been created.

  • View live and historical access events. Run, save, export, and distribute reports of these events. Add and edit alerts based on access events.

Access Control Admin

A user with their org-level Access Control Role set to Access Control Admin can:

  • Everything an Access Control Member and Access Control Manager can do.

  • View, add, delete, and edit door schedules, door schedule exceptions, and access schedule exceptions.

  • Update the Access Control Role of other users.

  • For any sites that the user has visibility into, update the Access Site Admin role of other users.

  • Configure org-wide access settings, such as Bluetooth unlock.

For the sites that an Access Control Admin is an Access Site Admin of, they can:

  • Perform everything an Access Control Manager can do.

  • Add, edit, and delete doors, AUX inputs/outputs, lockdowns, and access controllers.

  • Add, edit, and delete access levels and access schedule exceptions.

  • Manage site-level access settings, such as Bluetooth unlock and scheduled firmware updates.

Access Site Admin

When a user is an Access Site Admin of a given site, their permissions for that site depend on whether their org-level Access Control Role is as an Access Control Manager or Access Control Admin. The following table outlines which permissions are granted when a user is made an Access Site Admin of a given Site X:

Access Control Manager

Access Control Admin

  • View live door events for doors in Site X

  • View reports for doors in Site X

  • View door event history

  • View user event history for doors in Site X

  • Change the schedule for a door in Site X to another schedule that already exists

  • Override the schedule for a door in Site X

  • Unlock a door in Site X from Verkada Command

Does everything an Access Control Manager can, in addition to:

  • Change the Access Control Role of other users

  • Add/remove Access Site Admins for Site X

  • Add/remove access control devices in Site X

  • Add/configure/remove doors and AUX devices in Site X

  • Add/configure/remove access levels in Site X

Note: Access Admins who are not also Org Admins cannot grant themselves Access Site Admin permissions.

Upgrade Access Control Role

This section guides you through upgrading a user's Access Control Role. This can be done from both the Access page and the Admin page.

Promote a user account via the Access page

  1. In Verkada Command, go to the All Products > Access.

  2. On the left navigation, click Access Users and Groups.

  3. Search for the user and select the desired user's name.

  4. Click Profile to make changes to the user's profile.

  5. On Profile, next to Access Role, click the dropdown and select the new role.

Promote a user account via the Admin page

  1. In Verkada Command, go to All Products > Admin.

  2. Under Org Settings, select Users.

  3. Search for the user you want to promote and click their name.

  4. Under Access Control Role, click the dropdown and select the new role.

Related resources


Need more help? Contact Verkada Support.

Did this answer your question?