Follow

Roles and permissions in the workspace

Before you assign a role to a user, it is important to know what the role entails and what you would like to achieve. Best practice is to assign the least amount of permissions necessary.
In this article we will give you an overview of the various roles (Administrator, Owner and User) in the workspace and link to the corresponding articles. Which roles do we have? What are the permissions? How to they relate to each other? 

Summarized below the three roles and corresponding permissions:

Role Permissions
Administrator

Subscriptions

Announcements

User & group management

Shared Tile Groups

Single sign-on

Clientless RDP

Autotask connections

Nedap ONS connections

TOPdesk connections

Vilans KICK connections

Active Directory

SharePoint documents
Fileservers

Configure Office preferences

Workspace Management

App Store

API settings

Email & Exchange

Template

Branding

Shared Spaces

Owner

Shared tile group management

Application management inside shared groups
User

Personal tile groups
Add tiles

Configure user profile (limited)

Please take note of our article about Best Practices for the workspace. 

Administrator

The administrator has the most permissions. A workspace administrator can configure the following:

  • Subscriptions: change the subscription of workspace environment by downgrading or upgrading to a lower or higher subscription. This will remove or add license features.
  • Announcements: easily inform people in your organization on news, updates, accomplishments or anything else you want to share by creating announcements. 
  • Creating new users: import users from Office 365 and Office 365 groups. It is recommended to create users in Azure, not the workspace.
  • User groups: this is recommended in case of bigger workspace environments. Organize applications and permissions by creating user groups and configure group permissions (Group permissions and Group Management).
  • Shared Tile Groups: create a specific combination of tiles which can be offered to users directly and force these shared tile groups directly on the main page. This will save a lot of time for the users. Only administrators can change the organization and content of tiles which are placed in shared tile groups.
  • Single sign-on: enable SSO and decrease login procedures for workspace users.
  • Clientless RDP: configure clientless RDP for users to get access to all your remote applications from any device, without installing anything. 
  • Autotask connections: track IT tickets and projects which supports the IT services within your company. Provide internal IT support and Managed Service Providers to provide support to your customers from the Autotask tile overview. As an administrator you can also configure one Autotask for multiple workspaces on an instance. 
  • Nedap ONS connections: configure this is a Micro App for healthcare, which includes a Planning and a Clients live tile. 
  • TOPdesk connections: configure TOPdesk for a single or multiple workspaces on an instance. This way, IT Support and other employees can instantly view and open support tickets from the TOPdesk live tile
  • Vilans KICK connections: with this Micro App you effortlessly search through all KICK protocols with the search function, and open the protocol you need with one click. 
  • Active Directory: enable Active Directory Sync from the workspace and an authentication token will be generated and displayed in the corresponding field. Choose to manage the administrator role from the workspace or Azure AD. 
  • SharePoint documents: if you want to use SharePoint in the documents app, you can configure SharePoint as an admin in the SharePoint documents settings.
  • Fileservers: you can also choose to set up Fileserver(s) in combination with SharePoint or as the only document store. Configure the fileserver URL and make sure the fileserver is accessible via WebDav SSL.
  • Open files in local or online Office applications: The administrator can set permissions on how users can open documents in local applications of Office or in the online version. 
  • Workspace management: configure workspace templates for users and configure automatic reordering of tiles within shared groups
  • App Store: create, edit and manage applications for its users.
  • API settings: provisioning API is intended for provisioning and managing workspace 365 resources. Everything about the API documentation can be found here. 
  • Email & Exchange: configure Email/Exchange if you have Exchange Online. It is also possible to configure Exchange On-Premises. In that case you need to configure the Exchange EWS URL and provide the user credentials to access the mailboxes. More information about Email configuration can be found here
  • Templates: set up the workspace as a template for new users within seconds. When saving a template of the current workspace, the template is updated with all the personal app groups that the administrator has set in his/her own w It is also possible to return to the default workspace.
  • Branding: brand your workspace to your liking by selecting the colors, workspace logo, home logo and even the product name.
  • Shared Spaces: bring more structure to the workspace by creating spaces for different user groups. Within these spaces, shared tile groups can be created.

Owner

Only the administrator can assign the role “owner”. There are two types:

  • Group owners: manage shared tile groups. You will have the permission to change contents of that shared group.
  • Application owners: manage specific applications. You can change which applications are shown inside the shared group.

User

As a user, you will have the least amount of permissions unless permission are granted by the administrator or group owner. By default, you can edit your own workspace by creating personal tile groups and adding tiles and configuring your user profile, e.g. your birthday or profile picture.