Creator Role Administration
Estimated Reading Time: 7 minutes
Overview
Creator Role Administration is where administrators can manage the RBAC RBAC (Role-Based Access Control) is a method to control system access for authorized users. The role in RBAC refers to the levels of access employees have to a network. for environments and workspaces they control. The Creator Role Administration page is divided into two sections, Environment Roles and Workspace Permissions. The Environment Roles section allows administrators to view, create, and edit environment RBAC roles for users of the Unqork Designer Platform. The Workspace Permissions section displays predefined workspace permission roles and breaks down each role type into the different actions an assigned user can perform.
The benefit of Creator roles includes increased security and limiting user access to only resources strictly required for the Creators in Unqork Designer. Administrators can prevent Creators that don't have authorized access from editing workspace settings, viewing data collections, deleting applications, and so on.
Understanding the Difference Between Environment Roles and Workspaces Permissions
Creator Role Administration is the main admin page for creating environment roles and assigning workspace permissions to your users. When you access Creator Role Administration, you see two tabs to the left of the page:
-
Environment Roles: This tab lets you add environment roles for Creators.
-
Workspaces Permissions: This tab lets you view Workspaces permissions for Creators.
Let's look at each of these tabs individually.
Environment Roles
Use the Environment Roles tab to add Creator roles and set their permissions. These Creator roles apply to Creator users. These are users with access to the Designer tools, like the Module Builder. The Environment Roles tab lets you customize permissions to best fit your needs.
TIP To add Creator users to your environment, see our Creator (User) Administration article.
Creator roles let you manage who can edit and organize your:
-
Applications (including modules, workflows, and applications)
-
Data Collections
-
Themes (Style Administration)
-
Services and Global Variables
-
Manages Assets
-
Document Templates
You can manage users and roles separately for Express View and for Designer tools. To manage your Creator users, use Creator (User) Administration and Creator Role Administration. Use Creator users and roles to assign who can manage and edit your applications.
It's important to note that Creator roles don't carry over to Express View. To manage your Express users, use Express User Administration and Express Role Administration. These end-users are the ones interacting with your production applications on the front end.
TIP To add Express users, see our Express User Administration article. To manage Express roles, see our Express Role Administration article.
To manage permissions in the Designer tools, Unqork classifies Creator users by Creator roles. Each Creator user has at least one Creator role. You can use Creator roles to regulate access to applications, themes, services, and so on.
Each Unqork environment comes with four default Creator roles:
|
Role |
Description |
|---|---|
|
Administrator |
Known as the super-user role. Lets the Creator user set up new user credentials and view, update, create, or delete:
The Administrator role is special. It's the only role with access to manage:
|
|
Contributor |
The standard role for Creators Also known as Unqork Users, or Designer Users; is anyone who is inside the Unqork platform.. You can modify the Contributor role to increase, or restrict Creator access to the environment. |
|
Viewer |
The Viewer role is for users who should be able to view, but not modify elements in a workspace. You can edit the Viewer role to increase, or restrict access to the environment. By default, the Viewer role can view all permission areas, but does not have update, create, delete, or promote access. |
|
Basic |
The initial role for Creators. New users with the Basic role do not have access to workspaces or environment settings. Administrators can assign Basic role users to view or edit individual workspaces. TIP To learn more about assigning Basic role users to workspaces, view our Workspaces Role-Based Access Control article. |
Adding and Deleting Creator Roles
Set up Creator roles with specific permissions for your environments. If a Creator role no longer applies, you can remove it from the environment.
Adding a Creator Role
To add a Creator role to your environment:
| 1. | At the top right of the Unqork Designer Platform, click the Settings ▾ drop-down. |
| 2. | Click Administration. |
| 3. | Under Creator Permissions, click Creator Role Administration. |
| 4. | At the top of the page, click Add Role. |
| 5. | In the Name and Role Description fields, enter the role's name and description. Note that the Name is permanent. |
| 6. | In the Permission Areas, select all permissions you want for the role. The permissions available are: |
|
Permission |
Description |
|---|---|
|
View |
Can see the chosen Designer items but can't make changes. |
|
Update |
Can make changes to the chosen Designer item. |
|
Create |
Can add new Designer items. |
|
Delete |
Can remove the chosen Designer item from your environment. |
|
Promote |
Can move the chosen Designer item up to the next environment. |
NOTE There's a hierarchy of permissions. When you choose a permission, Unqork automatically enables permissions lower than that permission. For example, if you choose Delete, Unqork also selects Create, Update, and View. To delete something, you must be able to view or update it.
| 7. | Click Add Role. |
Once you add a Creator role, you can assign the role to your Creator users using Creator (User) Administration.
TIP To learn more about Creator (User) Administration, see our Creator (User) Administration article.
Deleting a Creator Role
From time to time, you might need to delete Creator roles. To delete a Creator role, remove all users assigned to that role. You can find the Delete option on the Edit Creator Role page.
To delete a Creator role:
| 1. | At the top right of the Unqork Designer Platform, click the Settings ▾ drop-down. |
| 2. | Click Administration. |
| 3. | Under Creator Permissions, click Creator Role Administration. |
| 4. | In the Actions column, click Edit for the role you want to delete. |
| 5. | Click Delete at the bottom of the Edit Creator Role page. |
Viewing and Editing Creator Roles
After adding a Creator role, you can view or edit its details and permissions.
Viewing a Creator Role's Permissions
You can view the role's name, description, and permissions in the Permissions table. The table shows you the role's current permission levels for each Permission Area.
To view a Creator role:
| 1. | At the top right of the Unqork Designer Platform, click the Settings ▾ drop-down. |
| 2. | Click Administration. |
| 3. | Under Creator Permissions, click Creator Role Administration. |
| 4. | In the Actions column, click View to see the role. |
| 5. | To return to Creator Role Administration, click Back to Creator Roles. |
Editing a Creator Role
Your permission preferences might change as your application evolves. You can customize Creator roles even after you add them. By editing a Creator role, you can update its descriptions and permissions. Remember, Creator role names are permanent.
NOTE You cannot edit the settings of the Administrator role. The Administrator role is permanent and required for the environment to function.
To edit a Creator role:
| 1. | At the top right of the Unqork Designer Platform, click the Settings ▾ drop-down. |
| 2. | Click Administration. |
| 3. | Under Creator Permissions, click Creator Role Administration. |
| 4. | In the Actions column, click Edit for the role you want to edit. |
| 5. | Make your changes to the role description or role permissions. |
| 6. | Click Save Changes. |
Workspace Permissions
The Workspace Permissions tab lets administrators control how users interact with their environment workspaces. These predefined permissions control whether a user can create, view, edit, promote, or delete an environment from a workspace. When combined with creator roles, administrators have a granular level of control over their environments.
TIP To learn more about assigning users workspace permissions, see our Workspaces RBAC (Role-Based Access Control) article.
Each workspace comes with three predefined roles:
|
Role |
Description |
|---|---|
|
User can view applications and modules in the workspace. User can also view services in Services Administration. |
|
|
User can perform the following actions:
NOTE The Can Edit role cannot promote applications. Users also have access to the following settings in Services Administration:
|
|
|
Users have full access to the workspace, including:
NOTE Only Administrators can add users to a workspace and add or update permissions. Users also have access to the following settings in Services Administration:
|
Viewing Workspace Permissions
Unqork has several predefined permissions for workspace roles. Unlike environment-level roles, where you can create and customize your own, you can't customize workspace roles. These predefined permissions are split into Viewer, Editor, and Manager—each granting different levels of access to a workspace.
To view Workspace Permissions:
| 1. | At the top right of the Unqork Designer Platform, click the Settings ▾ drop-down. |
| 2. | Click Administration. |
| 3. | Under Creator Permissions, click Creator Role Administration. |
| 4. | Under Roles & Permissions, click Workspace Permissions. |
| 5. | Select Can Manage, Can Edit, or Can View. A slide-out modal displays, highlighting the permissions for your choice. |
Here's an example of the highlighted permissions for Can Manage:
Resources
