Follow

Roles and permissions in the workspace

Before you assign a role to a user, it is important to know what the role entails and what you would like to achieve. Best practice is to assign the least amount of permissions necessary.
In this article we will give you an overview of the various roles (Administrator, Owner, Editor and User) in the workspace and link to the corresponding articles. Which roles do we have, what are the permissions and how do they relate to each other? 

Summarized below the four roles and corresponding permissions:

Role Permissions
Administrator

Subscriptions

Announcements

User & group management

Shared Tile Groups

Single sign-on

Clientless RDP

Autotask connections

Nedap ONS connections

TOPdesk connections

Vilans KICK connections

Active Directory

SharePoint documents
Fileservers

Configure Office preferences

Workspace Management

App Store

API settings

Email & Exchange

Template

Branding

Shared Spaces

Owner - Application

Manage specific applications

Owner - Shared tile groups

Manage shared tile groups.

Owner - Announcement categories

Determine who has access, create and edit announcements for specific categories.

Editor - Announcement categories

Edit or create announcements for a specific category.

User

Personal tile groups
Add tiles

Configure user profile (limited)

Please take note of our article about Best Practices for the workspace. 

Administrator:

The administrator has the most permissions. A workspace administrator can configure the following:

  • Subscriptions: change the subscription of workspace environment by downgrading or upgrading to a lower or higher subscription. This will remove or add license features.
  • Announcements: easily inform people in your organization on news, updates, accomplishments or anything else you want to share by creating announcements. 
  • Creating new users: import users from Office 365 and Office 365 groups. It is recommended to create users in Azure, not the workspace.
  • User groups: this is recommended in case of bigger workspace environments. Organize applications and permissions by creating user groups and configure group permissions (Group permissions and Group Management).
  • Shared Tile Groups: create a specific combination of tiles which can be offered to users directly and force these shared tile groups directly on the main page. This will save a lot of time for the users. Only administrators can change the organization and content of tiles which are placed in shared tile groups.
  • Single sign-on: enable SSO and decrease login procedures for workspace users.
  • Clientless RDP: configure clientless RDP for users to get access to all your remote applications from any device, without installing anything. 
  • Autotask connections: track IT tickets and projects which supports the IT services within your company. Provide internal IT support and Managed Service Providers to provide support to your customers from the Autotask tile overview. As an administrator you can also configure one Autotask for multiple workspaces on an instance. 
  • Nedap ONS connections: configure this is a Micro App for healthcare, which includes a Planning and a Clients live tile. 
  • TOPdesk connections: configure TOPdesk for a single or multiple workspaces on an instance. This way, IT Support and other employees can instantly view and open support tickets from the TOPdesk live tile
  • Vilans KICK connections: with this Micro App you effortlessly search through all KICK protocols with the search function, and open the protocol you need with one click. 
  • Active Directory: enable Active Directory Sync from the workspace and an authentication token will be generated and displayed in the corresponding field. Choose to manage the administrator role from the workspace or Azure AD. 
  • SharePoint documents: if you want to use SharePoint in the documents app, you can configure SharePoint as an admin in the SharePoint documents settings.
  • Fileservers: you can also choose to set up Fileserver(s) in combination with SharePoint or as the only document store. Configure the fileserver URL and make sure the fileserver is accessible via WebDav SSL.
  • Open files in local or online Office applications: The administrator can set permissions on how users can open documents in local applications of Office or in the online version. 
  • Workspace management: configure workspace templates for users and configure automatic reordering of tiles within shared groups
  • App Store: create, edit and manage applications for its users.
  • API settings: provisioning API is intended for provisioning and managing workspace 365 resources. Everything about the API documentation can be found here. 
  • Email & Exchange: configure Email/Exchange if you have Exchange Online. It is also possible to configure Exchange On-Premises. In that case you need to configure the Exchange EWS URL and provide the user credentials to access the mailboxes. More information about Email configuration can be found here
  • Templates: set up the workspace as a template for new users within seconds. When saving a template of the current workspace, the template is updated with all the personal app groups that the administrator has set in his/her own w It is also possible to return to the default workspace.
  • Branding: brand your workspace to your liking by selecting the colors, workspace logo, home logo and even the product name.
  • Shared Spaces: bring more structure to the workspace by creating spaces for different user groups. Within these spaces, shared tile groups can be created.

Owner - Application:

Only the administrator can assign the role “owner”.

  • App owner: Manage specific applications. You can alter the app settings, determine who has access or even assign another user as app owner. You can also change which applications are shown inside the shared group if you have permissions for that specific application.

Owner - Shared tile group:

  • Shared tile group owner: Manage shared tile groups. You will have the permission to change contents of that shared group and determine who has access to the group.

Owner - Announcement category:

  • Announcement category owner: Determine who has access and create announcements for a specific announcement category. 

Editor - Announcement category:

  • Announcement category editor: As an editor, you can only edit or create announcements for a specific category.

User:

As a user, you will have the least amount of permissions unless permission are granted by the administrator or group owner. By default, you can; 

  • Edit your own workspace by creating personal tile groups
  • Adding tiles
  • Configure your user profile, e.g. your birthday or profile picture.