Appearance
Role Definitions
| Role | Permissions | Description |
|---|---|---|
| Organization Admin | - Manage Organizations: Full control over organizational settings and configurations. - Manage Instances: Can create, update, and delete any instance within the organization. - Manage Memberships: Can add, update, or remove users and groups from the organization. - Access All Content: Full access to all content, files, and folders within the organization. - Manage Content Distribution Groups: Can create, update, and delete content distribution groups. | Highest level of administrative control within the organization. Responsible for overarching management and governance. |
| Instance Admin | - Manage Instances: Can update instance details. - Manage Instance Memberships: Can add, update, or remove users and groups from specific instances. - Access Instance Content: Full access to all content, files, and folders within the instance. - Manage Content Distribution Groups: Can create, update, and delete content distribution groups related to the instance. - Perform Actions: Can perform actions like logging in to an instance. | Administrative role specific to individual instances. Responsible for managing instance-specific settings and memberships. |
| Content Admin | - Manage Content Distribution Groups: Can create, update, and delete content distribution groups. - Access Content: Full access to manage and distribute content within assigned groups. - Override Permissions: Can override default permissions for content-related actions. | Specialized role focusing on the management and distribution of content within the system. |
| Member | - Access Public Content: Can view and interact with public files and folders. - Access Restricted Content: Can access restricted content if they are the owner or have been granted collaboration permissions. - Limited Actions: Cannot manage memberships, instances, or distribution groups. - Interact with Content: Can upload, edit, or delete content they own or collaborate on, based on permissions. | General user role with basic access rights. Can interact with content they have permissions for but lacks administrative capabilities. |
Role Capability Comparison
| Capability | Organization Admin | Instance Admin | Content Admin | Member |
|---|---|---|---|---|
| Manage Organization Settings | ✓ Can update all organization settings | ✗ | ✗ | ✗ |
| List Instances | ✓ Can list all instances within the organization | ✓ Can list instances they manage | ✗ | ✓ Can list instances they belong to or have access via roles |
| Create Instance | ✓ Can create new instances within the organization | ✗ | ✗ | ✗ |
| Update Instance | ✓ Can update any instance settings | ✓ Can update instances within their scope | ✗ | ✗ |
| Delete Instance | ✓ Can delete any instance | ✗ (Instance Admins cannot delete instances) | ✗ | ✗ |
| Restore Instance | ✓ Can restore deleted instances | ✗ | ✗ | ✗ |
| Login to Instance | ✓ Can perform login actions on any instance | ✓ Can perform login actions on assigned instances | ✗ | ✗ |
| Manage Instance Memberships | ✓ Can add, update, or remove any user or group from any instance | ✓ Can manage memberships within specific instances | ✗ | ✗ |
| List Instance Memberships | ✓ Can list all instance memberships | ✓ Can list memberships within their instances | ✗ | ✓ Can list their own memberships or collaborations |
| Create Instance Membership | ✓ Can create memberships for any user or group | ✗ | ✗ | ✗ |
| Update Instance Membership | ✓ Can update any instance membership | ✓ Can update memberships within their instances | ✗ | ✗ |
| Delete Instance Membership | ✓ Can delete any instance membership | ✗ (Instance Admins cannot delete instance memberships directly) | ✗ | ✗ |
| List Assignment Groups | ✓ Can list all instance assignment groups | ✗ | ✗ | ✗ |
| Create Assignment Group | ✓ Can create any instance assignment group | ✗ | ✗ | ✗ |
| Update Assignment Group | ✓ Can update any instance assignment group | ✗ | ✗ | ✗ |
| Delete Assignment Group | ✓ Can delete any instance assignment group | ✗ | ✗ | ✗ |
| List Content Distribution Groups | ✓ Can list all content distribution groups | ✓ Can list content distribution groups related to their instances | ✓ Can list their own or managed content distribution groups | ✗ |
| Create Content Distribution Group | ✓ Can create any content distribution group | ✓ Can create content distribution groups within their instances | ✓ Can create within their distribution group scope | ✗ |
| Update Content Distribution Group | ✓ Can update any content distribution group | ✓ Can update content distribution groups related to their instances | ✓ Can update within their distribution group scope | ✗ |
| Delete Content Distribution Group | ✓ Can delete any content distribution group | ✓ Can delete content distribution groups related to their instances | ✓ Can delete within their distribution group scope | ✗ |
| Manage Collaborations | ✓ Can create, update, and delete any collaboration | ✓ Can manage collaborations within their instances | ✓ Can manage collaborations within their distribution groups | ✓ Can manage collaborations they are part of, based on permissions |
| List Collaborations | ✓ Can list all collaborations | ✓ Can list collaborations within their instances | ✓ Can list collaborations within their distribution groups | ✓ Can list collaborations they are part of, based on permissions |
| Create Collaboration | ✓ Can create any collaboration | ✓ Can create collaborations within their instances | ✓ Can create collaborations within their distribution groups | ✓ Can create collaborations if permissions are granted |
| Update Collaboration | ✓ Can update any collaboration | ✓ Can update collaborations within their instances | ✓ Can update collaborations within their distribution groups | ✓ Can update collaborations they have edit permissions for |
| Delete Collaboration | ✓ Can delete any collaboration | ✓ Can delete collaborations within their instances | ✓ Can delete collaborations within their distribution groups | ✓ Can delete collaborations they have permissions for (Editors cannot delete) |
| List Folders | ✓ Can list all folders within the organization | ✓ Can list folders within their instances | ✗ | ✓ Can list folders they have access to |
| Create Folder | ✓ Can create folders anywhere in the organization | ✓ Can create folders within their instances | ✗ | ✓ Can create folders they have permissions for |
| Update Folder | ✓ Can update any folder except restricted root folders | ✓ Can update folders within their instances | ✗ (Unless managing content distribution group folders) | ✓ Can update folders they own or have permissions for |
| Delete Folder | ✓ Can delete any folder except root folders | ✓ Can delete non-root folders within their instances | ✗ | ✓ Can delete folders they own or have permissions for (Editors cannot delete root folders) |
| List Files | ✓ Can list all files within the organization | ✓ Can list files within their instances | ✓ Can manage files within their distribution groups | ✓ Can list files based on permissions |
| Create File | ✓ Can create files anywhere in the organization | ✓ Can create files within their instances | ✓ Can create files within their distribution groups | ✓ Can create files they have permissions for |
| Update File | ✓ Can update any file | ✓ Can update files within their instances | ✓ Can update files within their distribution groups | ✓ Can update files they own or have edit permissions for |
| Delete File | ✓ Can delete any file | ✓ Can delete files within their instances | ✓ Can delete files within their distribution groups | ✓ Can delete files they own or have delete permissions for |
| Manage Metadata Templates | ✓ Can create, update, and delete any metadata templates | ✗ | ✗ | ✗ |
| List Metadata Templates | ✓ Can list all metadata templates | ✗ | ✓ Can list metadata templates within their distribution groups | ✗ |
| Manage Application Configurations | ✓ Can manage any application configurations/schemas | ✓ Can manage application configurations/schemas related to their instances | ✓ Can manage application configurations/schemas within their distribution groups | ✗ |
| Manage Content Distribution Group Memberships | ✓ Can manage memberships in any content distribution group | ✓ Can manage memberships in distribution groups within their instances | ✓ Can manage memberships in their distribution groups | ✓ Can manage memberships if part of distribution groups |
| Access Collaborations | ✓ Full access to all collaboration views and actions | ✓ Access collaborations within their instances | ✓ Access collaborations within their distribution groups | ✓ Access collaborations based on their permissions |
| Access Folder Management | ✓ Full access to manage any folder | ✓ Manage folders within their instances, considering access type | ✗ | ✓ Manage folders they have access to |