Workspaces and role-based access control

About role-based access

The role-based access control is a permission model used to manage access to workspace resources based on a number of predefined user roles. Assigning a role to a user grants them permissions to use specific features of the workspace and manage files.

Currently, workspaces support the following user roles: Standard User, Workspace Administrator, Contributor, and Tenant Administrator. It should be noted that roles are assigned on a workspace basis, meaning a user can have a Contributor role in one workspace and be a Workspace Administrator of the other.

Newly signed-up users do not have access to any of the workspaces. Workspace Administrators or Tenant Administrators can invite users to a workspace and assign them a role, thus giving them the permissions to perform certain operations within a workspace. This way administrators can ensure that the principle of least privilege is followed.

Summary of the roles

• Standard Users can use most of the functionality of the workspace but they do not have the permissions to manage workspace access.
• Workspace Administrators have the same privileges as Standard Users but additionally, they are also responsible for workspace user management. Workspace Administrators can invite new members to a workspace, and assign appropriate user roles.
• Contributors have no access to the workspace via the UI. Workspace Contributors can only Airlock files to the workspace they are a Contributor of.
• Tenant Administrators are not users, their account is a purely administrative one. Tenant Administrators are responsible for the creation and deletion of workspaces, as well as inviting members to a workspace, assigning them user roles, and appointing an owner for each workspace.

Further details on each user role can be found below and in the relevant knowledge base articles in this section.

Role-based privileges