The Custom Role
The Custom Role in Workspaces is any role that has a set of permissions set by your organisation, rather than one of the existing preset user roles you can find details of in this Knowledge Base.
There is no way for users to produce a custom role for Workspaces. This must be done by the support team for your organisation. If you are a Tenant Administrator (TA), you can raise a service desk ticket asking for the custom role to be created.
The following permissions can be added or removed from a pre-defined user role:
| Area | Description |
|---|---|
| Containersised Apps | View a containerised app for a specific workspace |
| Workspace | View the configured list of domains accessible from the workspace |
| Allow interactive access to the workspace | |
| Read the workspace - name, members, description, tags and not the workspace content | |
| Request the creation of a VM in the workspace | |
| Manage membership of a workspace | |
| Update workspace description, tags, reference | |
| Flags the user as 'protected'. Protected users require the corresponding WriteProtectedMembers to be managed | |
| Workspace Audit | View the workspace audit |
| Workspace Database | Export a table to a CSV file |
| View database contents | |
| Create and update database content | |
| Workspace Export | Create a snapshot of the workspace |
| Workspace Outbound Airlock | Airlock requests can be made |
| Approve airlock requests | |
| Workspace Inbound Airlock | Allow files to be transferred into the workspace via airlock or interactive upload |
| Allow the creation of upload tokens for transferring files into a workspace | |
| Allow files to be transferred into the inbox via interactive upload | |
| Allow creation of upload tokens that are automatically approved and transferred to the destination on upload | |
| View files within a workspace inbox | |
| View, approve and reject files within a workspace inbox | |
| Workspace Secrets | View secrets within a workspace |
| Create and delete secrets within a workspace | |
| Workspace Web App | View and use web apps linked to a workspace |
| Create new web apps linked to a specific workspace | |
| Workspace Storage | View files within a workspace |
| Create and update files within a workspace | |
| Restriction | User can create restrictions on a workspace |
| Metrics | User can access TAM metrics for resources in the same organisation |
Once created, the TA will see this role appear as a selectable option when they are performing user administration activities.
Updated on November 06, 2025