About role-based access
The role-based access control is a permission model used to manage access to workspace resources based on a number of predefined user roles. Assigning a role to a user grants them permissions to use specific features of the workspace and manage files.
Currently, workspaces support the following user roles: Standard User, Workspace Administrator, Manager, Contributor, and Tenant Administrator. It should be noted that roles are assigned on a workspace basis, meaning a user can have a Contributor role in one workspace and be a Workspace Administrator of the other.
Newly signed-up users do not have access to any of the workspaces. Workspace Administrators, Managers or Tenant Administrators can invite users to a workspace and assign them a role, thus giving them the permissions to perform certain operations within a workspace. This way administrators can ensure that the principle of least privilege is followed.
Summary of the roles
- Standard Users can use most of the functionality of the workspace but they do not have the permissions to manage workspace access.
- Workspace Administrators have the same privileges as Standard Users but additionally, they are also responsible for workspace user management. Workspace Administrators can invite new members to a workspace, and assign appropriate user roles.
- Managers have the all the same privileges as Workspace Administrators but one: they cannot approve or reject Airlock requests.
- Contributors have no access to the workspace via the UI. Workspace Contributors can only Airlock files to the workspace they are a Contributor of.
- Tenant Administrators are not Workspace users, their role is a purely administrative one. Tenant Administrators are responsible for the creation and deletion of workspaces, as well as inviting members to a workspace, assigning them user roles, and appointing an owner for each workspace. TAs can also be assigned a workspace role in a specific Workspace.
Further details on each user role can be found below and in the relevant knowledge base articles in this section.
Role-based privileges
| Administrator | Manager | Standard User | Contributor | Tenant Administrator | |
|---|---|---|---|---|---|
| Create and delete files | |||||
| Access and edit datasets | |||||
| Workspace-to-workspace Airlock | |||||
| Approve or reject data export requests | |||||
| Use R console | |||||
| Publish, run and delete Mini-apps | |||||
| Use Virtual Desktop | |||||
| Create, edit and delete notes and insights | |||||
| View list of workspaces that they have been granted access to | |||||
| Access workspace audit | |||||
| Manage workspace access | |||||
| Edit workspace summary | |||||
| Add or delete workspaces |