Application administrators need the ability to control what data and functionality users have access to based on the job they need to get done. In general, the services offered are composed of multiple permissions which are grouped into roles, which in turn can be assigned to users.

The system has four default Roles to choose from, and these will depend on which context the user has been configured, either as a Service Provider user or Customer/Enterprise user, see Default Roles.

A user can be assigned to multiple roles and user access will be a combination of all permissions in the roles, the roles are additive. Refer to Permissions to see how permissions are handled when multiple roles are assigned to users.

For Service Provider users, the roles are tenant-specific. This means that it is possible to configure different roles for a user based on the Service Provider customer list. Service Provider users who have access to multiple customers only use the permissions that apply to the current customer they are logged into. These users must have been configured with Managed customers option, refer to Managed customers in Creating a User.

It is also possible to create new custom Roles. These Roles can be created from new or by duplicating an existing Role.

Default roles cannot be modified, however custom Roles can be created.

Default Roles

RoleDescriptionService Provider



Service Provider AdministratorService provider administrators can create, update and delete customers and users. They also manage license units, subscriptions, app configurations, security, system settings, payment and billing.(tick)(error)
Service Provider Operator

A service provider operator's privileges are limited to managing customer accounts. They can view their managed customer usage data, as well as create, update and delete users. They are also in charge of setting up a user's app configurations, security and systems.

This role has a special behavior where, once a user logs in with this role, they will automatically be redirected to their first managed customer's home page. This behavior only exists for the Service Provider Operator role and doesn't occur for custom roles created on Service Providers.
AdministratorA customer administrator's privileges are limited to viewing and updating their own account and creating, updating and deleting users under their own account.(error)(tick)
Read OnlyRead-only role's privileges are limited to viewing only its own account and users.(error)(tick)
For details on creating and managing Roles, refer to the following sections
Provide feedback on this article