Assigning user roles
User roles provide a set of tenant-level permissions to users, beyond the general permissions granted by the user allocations. User roles let you grant a user a specific role or function in the tenant. Only a tenant administrator can assign roles to users, and this can only be done from the Management Console. User roles are optional and do not need to be assigned to any or all users. For users who have no user role, their permissions are based on their user allocation.
User roles in the Management Console
Admin users with access to the Users section of the Management Console can access the All Users tab. This view shows a list of users that have been added or invited to the tenant. Click TO activate or deactivate the user, to assign and edit user roles, and to revoke mobile access if it has been granted.
What is a user role
A user role is a set of permissions that are granted to a user in addition to the permissions granted to them with their user allocation. User roles are divided into administrator roles and user roles. Users with administrator roles are granted some administrative permissions. Users with user roles have permissions to create specific types of resources. By assigning user roles to users, you can better organize your users and what they can do in the tenant.
You can assign the following roles:
User role | Type | Permissions | Access granted with user role |
---|---|---|---|
Tenant Admin | Administrator | An administrator with full permissions to manage and administer all aspects of the tenant. See Tenant administrator. | Access to Management Console from Launcher |
Analytics Admin | Administrator | An administrator with limited permissions to manage only some areas of governance and content. See Analytics administrator. | Access to Management Console from Launcher |
Audit Admin | Administrator | An administrator with limited permissions, including access to events and data from the Natural Language API (Developer role also needed). | Access to Management Console from Launcher |
Data Admin | Administrator | Administrator with limited permissions to manage only data spaces. See Data administrator. | Access to Management Console from Launcher |
Shared Space Creator | User | A user who can create shared spaces. | Create space option under Add new button in hub |
Managed Space Creator | User | A user who can create managed spaces. | Create space option under Add new button in hub |
Data Space Creator | User | A user who can create data spaces. | Create space option under Add new button in hub |
Developer | User | A user who can generate API keys. | API Keys option under User Profile menu |
How user roles interact with user allocation
Users who join the tenant are assigned a user allocation, either professional or analyzer. See Assigning user allocations for more information. User allocations divide users into content consumers and content creators. The user allocation also determines which areas of the tenant are visible to a user.
-
Analyzer users are strictly content consumers, as a result, the Add New button is hidden from their view.
-
Professional users are both content consumers and content creators, which means they have access to the Add New button. This lets them create new resources like apps and spaces.
However, user roles provide additional permissions beyond user allocation permissions. For example, an analyzer user who is assigned a space creator role will gain access to the Add New button to create a space.
How user roles interact with the data integration subscription
The data integration subscription gives you access to the data integration home, and roles specifically designed for data admins and data spaces.
Assigning user roles
User roles are assigned to users in the Management Console, and only users that have a Tenant Admin role can assign user roles.
Do the following:
- In the Management Console, go to the Users section.
- Either:
- Click the
button on the user row.
- Check the box beside the user.
- Click the
- Click Edit roles.
- On the User tab, select the user roles you want to assign.
- On the Admin tab, select the user roles you want to assign.
- Click Save.