Workspaces Role-Based Access Control (WSRBAC)

NOTE  Workspaces Role-Based Access Control (WSRBAC) is releasing to Staging and UAT environments gradually beginning November 14. You'll receive an in-product announcement when this feature is available in your environment

Estimated Reading Time:  4 minutes


Workspaces RBAC (role-based access control) is the best way to securely ensure users only have access to specific workspaces in your environment. Administrators do this by assigning users to a workspace and setting their level of access for that workspace. Workspaces RBAC works with Shared Elements to provide controlled access to each module and reference data collection.

TIP  To learn more about modules and workflows in workspaces, visit our Workspaces: Working with Module-Type Apps and Workspaces: Working with Workflow-Type Apps articles.

TIP  To learn more about sharing modules and data collections, view our Workspaces Role-Based Access Control (WSRBAC) with Shared Elements article.

The benefits of Workspaces RBAC include:

  • Preventing Creators from editing elements in other workspaces.

  • Setting a user to manage a single workspace, so they can only reference or review configurations.

  • Allowing a Service Administrator to view specific workspaces.

  • Sharing only certain modules with other workspaces or the environment.

TIP  To learn more about Workspace permissions and their roles, visit the Creator Role Administration article.

What You'll Learn

In this article, you’ll learn how to:

Differences Between Environment and Workspaces RBAC

Environment and Workspaces RBAC provide roles that control the level of permissions Creators have for an environment and its workspaces. While Environment and Workspaces RBAC provide control over different portions of the Unqork Designer Platform, their permissions can be combined to create a set of permissions for a Creator or user. Only Administrators can assign Environment and Workspace roles to Creators and users.

Environment RBAC

Environment RBAC manages and creates roles applied across all workspaces and admin areas like Services, Assets, PDFs, and Styles. For example, users with Application CRUD (create, read, update, and delete) permissions at the environment level can CRUD all workspaces.

NOTE  To learn more about managing Environment RBAC, view our Environment Level Role-Based Access Control article.

Workspaces RBAC

Workspaces RBAC manages roles that are applied to a specific workspace. Workspaces RBAC overrides Environment RBAC permissions for specific workspaces. For example, if a user has Application CRUD at the environment level, assigning them the View role in a workspace prevents them from using their Application CRUD permissions in that workspace.

Available workspace roles include Can View, Can Edit, and Can Manage. These roles can't be modified.

Here's a chart with an example of an architectural layout for an environment and two workspaces (WS):

As a use case, administrators can assign Update permissions for a user to update all workspaces. But, if there's a workspace the administrator doesn't want updated, they can assign that same user the Can View permission for that workspace using Workspaces RBAC. Or, a user might have environment access to services and only view access to a specific workspace.

Accessing Workspace Roles

You can access the Workspace Roles pane as follows:

1. From a workspace tile, use one of the following options:
  • Click the Workspace Users () button.

  • Click the ellipsis (...) button, then click Workspace Users.

Assigning Users To a Workspace and Role

You assign a user to a role at the same time as assigning them to a workspace. It's important to note that administrators have access to all Workspaces actions, so you can't assign them a role.

To assign a user to a workspace and role:

1. At the top right of the Unqork Designer Platform, click Workspaces.
2. Find the Workspace tile where you want to add a user and click the Workspace Users () button.
3. In the Select User(s) field, enter the user's name. Or, select a user from the drop-down.

TIP  You can select multiple users in this step, they're assigned the same Workspaces role when added.

4. Next to the user name, select a Workspaces role from the drop-down. The default is Can View.

5. Click Add.

Once added, the selected users, their email addresses, and their permission levels display in the table. Users also receive an email notification when they're added or removed from a workspace.

Changing a User's Workspace Role

To change a user's workspace role:

1. At the top right of the Unqork Designer Platform, click Workspaces.
2. Find the Workspace tile where you want to edit a user and click the Workspace Users () button.
3. In the Permission column of the table, select a permission level from the drop-down for a specific user. Your options are Can View, Can Edit, Can Manage, and Remove.

Removing a User From a Workspace

To remove a user from a workspace:

1. At the top right of the Unqork Designer Platform, click Workspaces.
2. Find the Workspace tile you want to remove a user from and click the Workspace Users () button.
3. In the Permission column, select Remove from the drop-down.

NOTE  Users can remove themselves from a workspace role. In this case, they see Leave instead of Remove in the permissions column.