Permissions in spaces are controlled by roles assigned to members when they are added to a space. A role assigned to a member of a space gives that member a set of permissions inside that space and on resources inside the space.
Managed spaces can only be created by tenant admins, analytics admins, and users with the managedspacecreator role. Tenant and analytics admins, space owners, and users with Can manage permissions can add new members to the managed space. Space roles are assigned in Manage members. In Manage members, you search for cloud hub members and groups, assign them roles, and add them to the managed space.
Member roles can be changed to give them new permissions in the space.
Members can be removed from a space in Manage members by clicking the delete icon beside the member.
Permissions in a managed space
Roles in managed spaces give users permissions and access rules in the space. Unlike shared spaces, members of a managed space can have multiple roles applied to them. This enables customized access to the space for each member. If groups have been enabled by a tenant administrator, groups of users can be added to a space with the same role.
What permissions enable for members varies depending on if they have a professional or an analyzer license.
Permissions for members with professional licenses
The following tables outline what members with the professional license can do in a space:
| Role | ||||||
|---|---|---|---|---|---|---|
| Action |
Is owner |
Can manage | Can publish | Can contribute | Can view | Can consume data |
| See the space exists | Yes | Yes | Yes | Yes | Yes | Yes |
| Publish/republish apps to this space | Yes | No | Yes | No | No | No |
| See apps they published to this space | Yes | Yes | No | Yes | Yes | No |
| See all apps in the space | Yes | Yes | No | Yes | Yes | No |
| Delete the space | Yes | Yes | No | No | No | No |
| Add members to the space | Yes | Yes | No | No | No | No |
| Change member permissions for the space (Can manage, Can publish, Can contribute, Can view) | Yes | Yes | No | No | No | No |
| Remove members from the space | Yes | Yes | No | No | No | No |
| Add and edit data sources in the space | Yes | Yes | No | No | No | No |
| Role | ||||||
|---|---|---|---|---|---|---|
| Action | Is owner |
Can manage |
Can publish | Can contribute | Can view | Can consume data |
| Open an app | Yes | Yes | No | Yes | Yes | No |
|
Delete an app |
Yes |
Yes |
No | No | No | No |
|
Open Data model viewer |
Yes | Yes | No | No | No | No |
| Edit app attributes (change name, description, and tags) | Yes | Yes | No | No | No | No |
| Edit app properties (select theme, enable right-to-left reading order, set a bookmark as app default, and sheet title styling) | Yes | Yes | No | No | No | No |
| Reload the app and create scheduled reloads | Yes | Yes | No | No | No | No |
|
View master items |
Yes | Yes | No | Yes | No | No |
|
View variables |
Yes | Yes | No | No | No | No |
| View media library content | Yes | Yes | No | Yes | No | No |
| Add private sheets to the app | Yes | Yes | No | Yes | No | No |
| Add private bookmarks and stories to the app | Yes | Yes | No | Yes | Yes | No |
| Publish your private sheets, bookmarks, and stories to Community in the app | Yes | Yes | No | Yes | No | No |
|
Make your own Community sheets, bookmarks, and stories private in the app |
Yes | Yes | No | Yes | No | No |
| Copy a link to a Public or Community bookmark | Yes | Yes | No | Yes | No | No |
| Take snapshots in the app | Yes | Yes | No | Yes | Yes | No |
| Monitor a visualization in the cloud hub | Yes | Yes | No | Yes | Yes | No |
| Search for app fields in Insight Advisor Chat | Yes | Yes | No | No | No | No |
| Search for app master items in Insight Advisor Chat | Yes | Yes | No | Yes | Yes | No |
| Role | ||||||
|---|---|---|---|---|---|---|
| Action | Is owner |
Can manage |
Can publish | Can contribute | Can view | Can consume data |
| List and use data source in the space | Yes | Yes | No | No | No | Yes |
| Create data source in the space | Yes | Yes | No | No | No | No |
| Duplicate data files in the space | Yes | Yes | No | No | No | No |
| Move data files between spaces | Yes | Yes | No | No | No | No |
| Delete data source from the space | Yes | Yes | No | No | No | No |
|
Edit data connections in the space Note:
User credentials are cleared each time a connection is edited. |
Yes | Yes | No | No | No | No |
| Profile data source | Yes | Yes | No | No | No | No |
| Edit and apply properties to data source in the space | Yes | Yes | No | No | No | No |
| Create app from data source | No | No | No | No | No | No |
| Open data connection or file for app relaod | Yes | Yes | No | No | No | Yes |
| Binary load from apps inside space | Yes | No | No | No | No | Yes |
Permissions for members with analyzer licenses
The following tables outline what members with an analyzer license can do in a managed space:
| Role | |||||
|---|---|---|---|---|---|
| Action | Can manage | Can publish | Can contribute | Can view | Can consume data |
| See the space exists | Yes | Yes | Yes | Yes | No |
| Publish/republish apps to this space | No | No | No | No | No |
| See apps they published to this space | Yes | No | Yes | Yes | No |
| See all apps in the space | Yes | No | Yes | Yes | No |
| Role | |||||
|---|---|---|---|---|---|
| Action | Can manage | Can publish | Can contribute | Can view | Can consume data |
| Open an app | Yes | No | Yes | Yes | No |
|
Delete an app |
Yes | No | No | No | No |
| Add private or public sheets to the app | No | No | No | No | No |
| Add private bookmarks and stories to the app | Yes | No | Yes | Yes | No |
| Take snapshots in the app | No | No | No | No | No |
| Monitor a visualization in the cloud hub | Yes | No | Yes | Yes | No |
| Search for app fields in Insight Advisor Chat | Yes | Yes | No | No | No |
| Search for app master items in Insight Advisor Chat | Yes | Yes | No | Yes | Yes |
| Role | ||||||
|---|---|---|---|---|---|---|
| Action | Is Owner |
Can manage |
Can publish | Can contribute | Can view | Can consume data |
| List data source in the space | Yes | Yes | No | No | No | Yes |
| Create data source in the space | Yes | No | No | No | No | No |
| Duplicate data files in the space | Yes | No | No | No | No | No |
| Move data files between spaces | Yes | No | No | No | No | No |
| Delete data source from the space | Yes | Yes | No | No | No | No |
|
Edit data connections in the space Note: The user must be the connection owner.
|
Yes | Yes | No | No | No | No |
| Profile data source | Yes | Yes | No | No | No | No |
| Edit and apply properties to data source in the space | Yes | Yes | No | No | No | No |
| Create app from data source | No | No | No | No | No | No |
| Open data connection or file for app relaod | Yes | Yes | No | No | No | Yes |
| Binary load from apps inside space | Yes | No | No | No | No | Yes |
Permissions for tenant administrators
Tenant administrators, without specific permissions, have limitations to what they can and cannot do in a managed space. The following tables outline what tenant administrators can and cannot do without managed space permissions.
| Action |
Tenant administrator supported |
|---|---|
| See the space exists in the Management Console | Yes |
| See the space exists in the hub | Yes |
| Publish/republish apps to this space | No |
| See all apps in the space | Yes |
| Delete the space | Yes |
| Add members to the space | Yes |
| Change member permissions for the space (Can manage, Can publish, Can contribute, Can view) | Yes |
| Remove members from the space | Yes |
| Change space owner in the Management Console | Yes |
| Action |
Tenant administrator supported |
|---|---|
| Open an app | No |
|
Delete an app |
Yes |
|
Change app owner in the Management Console |
Yes |
| Export an app from the Management Console | No |
|
Open Data model viewer |
No |
| Edit app attributes (change name, description, and tags) | No |
| Edit app properties (select theme, enable right-to-left reading order, set a bookmark as app default, and sheet title styling) | No |
|
View master items and variables |
No |
| View media library content | No |
| Add private sheets to the app | No |
| Add private bookmarks and stories to the app | No |
| Make private sheets, bookmarks, and stories public in the app | No |
| Make public sheets, bookmarks, and stories private in the app | No |
| Take snapshots in the app | No |
| Monitor a visualization in the cloud hub | No |