Workspaces and role-based access control

About role-based access

The role-based access control is a permission model used to manage access to workspace resources based on a number of predefined user roles. Assigning a role to a user grants them permissions to use specific features of the workspace and manage files.

Currently, workspaces support the following user roles: Standard User, Workspace Administrator, Contributor, and Tenant Administrator. It should be noted that roles are assigned on a workspace basis, meaning a user can have a Contributor role in one workspace and be a Workspace Administrator of the other.

Newly signed-up users do not have access to any of the workspaces. Workspace Administrators or Tenant Administrators can invite users to a workspace and assign them a role, thus giving them the permissions to perform certain operations within a workspace. This way administrators can ensure that the principle of least privilege is followed.

Summary of the roles

  • Standard Users can use most of the functionality of the workspace but they do not have the permissions to manage workspace access.
  • Workspace Administrators have the same privileges as Standard Users but additionally, they are also responsible for workspace user management. Workspace Administrators can invite new members to a workspace, and assign appropriate user roles.
  • Contributors have no access to the workspace via the UI. Workspace Contributors can only Airlock files to the workspace they are a Contributor of.
  • Tenant Administrators are not users, their account is a purely administrative one. Tenant Administrators are responsible for the creation and deletion of workspaces, as well as inviting members to a workspace, assigning them user roles, and appointing an owner for each workspace.

Further details on each user role can be found below and in the relevant knowledge base articles in this section.

Role-based privileges

  Administrator Standard User Contributor Tenant Administrator
Create and delete files
Access and edit datasets
Workspace-to-workspace Airlock
Approve or reject data export requests
Use R console
Publish, run and delete Mini-apps
Use Virtual Desktop
Create, edit and delete notes and insights
View list of workspaces that they have been granted access to
Access workspace audit
Manage workspace access
Edit workspace summary
Add or delete workspaces
Updated on April 6, 2021

Was this article helpful?

Related Articles

Not the solution you were looking for?
Click the link below to submit a support ticket
CONTACT SERVICE DESK