Skip to content

Space Roles Management

Space Permissions and Roles

The Space Permissions page shows the permissions assigned to users or groups for accessing or managing a specific space. This interface enables granting new permissions, as well as editing or revoking existing ones. Users or groups can be sourced from local directories or any integrated user directory like LDAP, Active Directory, or Entra ID.

Permissions in spaces are inherited downwards in the space hierarchy, with the ability to break inheritance to create unique permissions for the space, or to inherit permissions from the parent space.

The application supports the following space roles:

Administrator
The Administrator role has full access to view and manage settings, management functions and assets of the space.
 Auditor
The Auditor role has read only access to view settings, management configurations and assets of the space.
Service
The Service role has API access to the space. This Service role should be granted to accounts used in the configuration of remote nodes.		 Space Manager
The Space Manager role has access to view and manage sub-spaces of the given space.
MFA Manager
The MFA Manager role has access to view and manage the MFA configuration of the space.		 Configuration Manager
The Configuration Manager role has access to view and manage the integration configurations of the space.
Directory Manager
The Directory Manager role has access to view and manage the local user directories of the space.		 Asset Type Manager
The Asset Type Manager role has access to view and manage the asset types of the space.
Taxonomy Manager
The Taxonomy Manager role has access to view and manage the taxonomies of the space.		 Asset Manager
The Asset Manager role has access to view and manage the assets of the space.
Permission Manager
The Permission Manager role has access to view and manage the permissions of the space.		 Task Manager
The Task Manager role has access to view and manage scripts, parsers as well as asset type (with the Asset Type Manager role) and asset task lists (with the Asset Manager role or Asset Owner permission).
Segmentation Manager
The Segmentation Manager role configures, manages and executes segmentation policies of the space.		 API Token Manager
The API Token Manager role has access to view and manage space API tokens.
Intelligent Tagging Manager
The Intelligent Tagging Manager role has access to view and manage intelligent tagging rules.		 Request Manager
The Request Manager role has access to view and manage space Request Forms and space Form Selectors. Asset Role: Asset Manager or higher is required to manage asset level form selectors.
Analytics Manager
The Analytics Manager role has access to view, manage and build AI Models as well as to use AI Models and AI Clusters to classify and analyze space assets.

View Space Roles

To view the currently configured Space Roles assigned within this Space:

  1. Log in to the Space with an Administrator, Permission Manager, or Auditor account.
  2. Navigate to Management > Space Roles.

From the list, each User or Group currently assigned a Space Role will be displayed. The table columns are:

  • User or Group: Displays the User or Group that currently has an assigned Space Role.
  • Type: Displays the type of the User or Group; User or Group.
  • Directory: Displays the directory name from where this User or Group originates. Local indicates the Local User Directory, Master indicates from the base tenant, and <custom names> indicate from the Name value of an externally configured user directory.
  • Permissions: Displays all the Space Roles assigned to this User or Group.
  • Actions: Opens the Actions dropdown menu with available options:
    • Edit: Allows the user to Edit the currently selected user's or group's assigned Space Roles.
    • Revoke: Allows the user to Revoke this user or group from Space Roles, effectively removing all their Space Role assignments.

Grant Space Roles

To grant a User or Group a Space Role within the current Space:

  1. Log in to the Space with an Administrator or Permission Manager account.
  2. Navigate to Management > Space Roles and click the Grant button.
  3. Select the User or Group to apply the Space Role to using the User or Group field at the top of this form. The User or Group may originate from the local directory or any external directory configured with this tenant.
  4. After selecting the user or group, choose the Space Role(s) to assign by clicking the enable switch to the right of the role.
  5. To complete this operation, click the Grant button.

Granting Space Roles

Revoking Space Roles

To revoke a User or Group a Space Role within the current Space:

  1. Log in to the Space with an Administrator or Permission Manager account.
  2. Navigate to Management > Space Roles, locate the User or Group that will have their Space Roles revoked, and open their Actions menu to the right side of this table.
  3. Select the Revoke option to remove their Space Roles.

Revoke Space Roles

To revoke the Space Roles of multiple Users or Groups:

  1. Log in to the Space with an Administrator or Permission Manager account.
  2. Navigate to Management > Space Roles, select all the Users or Groups that will have their Space Roles revoked by clicking the selection box to the left side of this table, and open the Mass Actions menu.
  3. Select the Mass Actions > Revoke option to remove the Space Roles from all selected Users or Groups.

Mass Revoke Space Roles

Space Role Inheritance

Permissions in Spaces are inherited downwards in the space hierarchy by default, with the ability to break inheritance to create unique permissions for the space, or to re-inherit permissions from the parent space. Permission inheritance begins with the Root tenant Space and inherit down to all child spaces, unless or until this inheritance is broken on a child Space.

Space Roles Inherited Permissions

To break Space Role inheritance making a child Space have its own unique permissions:

  1. Log in to this Space with an Administrator or Permission Manager account.
  2. Navigate to Management > Space Roles, click on the Make Unique button.
  3. After the Make Unique operation completes, the inherited permissions from the parent Space are unique but remain configured for this Space. You may now update these unique Space Roles by revoking the once inherited permissions and granting new as needed.

Space Roles Unique Permissions

Note

If you later decide that inheritance should be returned from the parent, you can use the Inherit button on this page to re-establish the parent-child Space role inheritance.

Space Roles Unique Permissions

Re-establishing inheritance will remove all unique permissions from the child Space and re-inherit those from its parent, returning this child Space to the default inheritance of its parent.