Workspaces Role-Based Access Control (WSRBAC)
Estimated Reading Time: 4 minutes
Overview
Workspaces RBAC (role-based access control) is the best way to securely ensure users only have access to specific workspaces in your environment. Administrators do this by assigning users to a workspace and setting their level of access for that workspace. Workspaces RBAC works with Shared Elements to provide controlled access to each module and reference data collection.
TIP To learn more about modules and workflows in workspaces, visit our Workspaces: Working with Module-Type Apps and Workspaces: Working with Workflow-Type Apps articles.
TIP To learn more about sharing modules and data collections, view our Workspaces Role-Based Access Control (WSRBAC) with Shared Elements article.
The benefits of Workspaces RBAC include:
-
Preventing Creators from editing elements in other workspaces.
-
Setting a user to manage a single workspace, so they can only reference or review configurations.
-
Allowing a Service Administrator to view specific workspaces.
-
Sharing only certain modules with other workspaces or the environment.
TIP To learn more about Workspace permissions and their roles, visit the Creator Role Administration article.
What You'll Learn
In this article, you’ll learn how to:
- Understand the difference between environment and Workspaces RBAC.
- Access and view workspace permissions.
- Assign users to a workspace.
- Change a user's workspace role.
- Remove a user from a workspace.
Differences Between Environment and Workspaces RBAC
Environment and Workspaces RBAC provide roles that control the level of permissions Creators have for an environment and its workspaces. While Environment and Workspaces RBAC provide control over different portions of the Unqork Designer Platform, their permissions can be combined to create a set of permissions for a Creator or user. Only Administrators can assign Environment and Workspace roles to Creators and users.
Environment RBAC
Environment RBAC manages and creates roles applied across all workspaces and admin areas like Services, Assets, PDFs, and Styles. For example, users with Application CRUD (create, read, update, and delete) permissions at the environment level can CRUD all workspaces.
NOTE To learn more about managing Environment RBAC, view our Environment Level Role-Based Access Control article.
Workspaces RBAC
Workspaces RBAC manages roles that are applied to a specific workspace. Workspaces RBAC overrides Environment RBAC permissions for specific workspaces. For example, if a user has Application CRUD at the environment level, assigning them the View role in a workspace prevents them from using their Application CRUD permissions in that workspace.
Available workspace roles include Can View, Can Edit, and Can Manage. These roles can't be modified.
Here's a chart with an example of an architectural layout for an environment and two workspaces (WS):
As a use case, administrators can assign Update permissions for a user to update all workspaces. But, if there's a workspace the administrator doesn't want updated, they can assign that same user the Can View permission for that workspace using Workspaces RBAC. Or, a user might have environment access to services and only view access to a specific workspace.
Accessing Workspace Roles
You can access the Workspace Roles pane as follows:
| 1. | From a workspace tile, use one of the following options: |
-
Click the Workspace Users (
) button. -
Click the ellipsis (...) button, then click Workspace Users.
Assigning Users To a Workspace and Role
You assign a user to a role at the same time as assigning them to a workspace. It's important to note that administrators have access to all Workspaces actions, so you can't assign them a role.
To assign a user to a workspace and role:
| 1. | At the top right of the Unqork Designer Platform, click Workspaces. |
| 2. | Find the Workspace tile where you want to add a user and click the Workspace Users () button. |
| 3. | In the Select User(s) field, enter the user's name. Or, select a user from the drop-down. |
TIP You can select multiple users in this step, they're assigned the same Workspaces role when added.
| 4. | Next to the user name, select a Workspaces role from the drop-down. The default is Can View. |
| 5. | Click Add. |
Once added, the selected users, their email addresses, and their permission levels display in the table. Users also receive an email notification when they're added or removed from a workspace.
Changing a User's Workspace Role
To change a user's workspace role:
| 1. | At the top right of the Unqork Designer Platform, click Workspaces. |
| 2. | Find the Workspace tile where you want to edit a user and click the Workspace Users () button. |
| 3. | In the Permission column of the table, select a permission level from the drop-down for a specific user. Your options are Can View, Can Edit, Can Manage, and Remove. |
Removing a User From a Workspace
To remove a user from a workspace:
| 1. | At the top right of the Unqork Designer Platform, click Workspaces. |
| 2. | Find the Workspace tile you want to remove a user from and click the Workspace Users () button. |
| 3. | In the Permission column, select Remove from the drop-down. |
NOTE Users can remove themselves from a workspace role. In this case, they see Leave instead of Remove in the permissions column.
Resources
