Assigning user roles
User roles provide a set of tenant-level permissions to users, beyond the general permissions granted by the user allocations. User roles let you grant a user a specific role or function in the tenant. Only a tenant administrator can assign roles to users, and this can only be done from the Management Console. User roles are optional and do not need to be assigned to any or all users. For users who have no user role, their permissions are based on their user allocation.
User roles in the Management Console
Admin users with access to the Users section of the Management Console can access the All Users tab. This view shows a list of users that have been added or invited to the tenant. Click the 
activate or deactivate the user, to assign and edit user roles, and to revoke mobile access if it has been granted.
What is a user role
A user role is a set of permissions that are granted to a user in addition to the permissions granted to them with their user allocation. User roles are divided into administrator roles and user roles. Users with administrator roles are granted some administrative permissions. Users with user roles have permissions to create specific types of resources. By assigning user roles to users, you can better organize your users and what they can do in the tenant.
You can assign the following roles:
| User role | Type | Use case | Access granted with user role |
|---|---|---|---|
| TenantAdmin | Administrator | A full tenant administrator. A user with this role has complete access to the Management Console to manage and administer the tenant. | Access to Management Console from Launcher |
| DataAdmin | Administrator | A partial administrator. A user with this role has access to the Management Console but only to manage data spaces. | Access to Management Console from Launcher |
| SharedSpaceCreator | User | A user who can create shared spaces. | Create space option under Add new button in hub |
| ManagedSpaceCreator | User | A user who can create managed spaces. | Create space option under Add new button in hub |
| Developer | User | A user can generate API keys. | API Keys option under User Profile menu |
How user roles interact with user allocation
Users who join the tenant are assigned a user allocation, either professional or analyzer. See Assigning user allocations for more information. User allocations divide users into content consumers and content creators. The user allocation also determines which areas of the tenant are visible to a user. Analyzer users are strictly content consumers, as a result, the Add New button is hidden from their view. Professional users are both content consumers and content creators, which means they have access to the Add New button. This lets them create new resources like apps and spaces. However, user roles provide additional permissions beyond user allocation permissions. For example, an Analyzer user who is assigned a space creator role will gain access to the Add New button to create a space.
How user roles interact with the data integration subscription
The data integration subscription gives you access to the data integration home, and roles specifically designed for data admins and data spaces.
Assigning user roles
User roles are assigned to users in the Management Console, and only users that have a TenantAdmin role can assign user roles.
Do the following:
- In the Management Console, go to the Users section.
- Either:
- Click the button on the user row.
- Check the box beside the user.
- Click the
- Click Edit roles.
- On the User tab, select the user roles you want to assign.
- On the Admin tab, select the user roles you want to assign.
- Click Save.