About role-based access
The role-based access control is a permission model used to manage access to workspace resources based on a number of predefined user roles. Assigning a role to a user grants them permissions to use specific features of the workspace and manage files.
Currently, workspaces support the following user roles: Standard User, Workspace Administrator, Manager, Contributor, and Tenant Administrator. It should be noted that roles are assigned on a workspace basis, meaning a user can have a Contributor role in one workspace and be a Workspace Administrator of the other.
Newly signed-up users do not have access to any of the workspaces. Workspace Administrators, Managers or Tenant Administrators can invite users to a workspace and assign them a role, thus giving them the permissions to perform certain operations within a workspace. This way administrators can ensure that the principle of least privilege is followed.
Summary of the roles
- Standard Users can use most of the functionality of the workspace but they do not have the permissions to manage workspace access.
- Workspace Administrators have the same privileges as Standard Users but additionally, they are also responsible for workspace user management. Workspace Administrators can invite new members to a workspace, and assign appropriate user roles.
- Managers have the all the same privileges as Workspace Administrators but one: they cannot approve or reject Airlock requests.
- Contributors have no access to the workspace via the UI. Workspace Contributors can only Airlock files to the workspace they are a Contributor of.
- Tenant Administrators are not Workspace users, their role is a purely administrative one. Tenant Administrators are responsible for the creation and deletion of workspaces, as well as inviting members to a workspace, assigning them user roles, and appointing an owner for each workspace. TAs can also be assigned a workspace role in a specific Workspace.
Further details on each user role can be found below and in the relevant knowledge base articles in this section.
|Administrator||Manager||Standard User||Contributor||Tenant Administrator|
|Create and delete files|
|Access and edit datasets|
|Approve or reject data export requests|
|Use R console|
|Publish, run and delete Mini-apps|
|Use Virtual Desktop|
|Create, edit and delete notes and insights|
|View list of workspaces that they have been granted access to|
|Access workspace audit|
|Manage workspace access|
|Edit workspace summary|
|Add or delete workspaces|