Administrative Roles
Administrative Roles determine which objects a user of the Workspace Control Console is allowed to see and to manage. This enables delegation of control over the Workspace Control site.
Each Administrative Role is defined by the following aspects:
- its permissions determine which nodes and objects are shown in the Workspace Control Console, and whether they can be viewed or edited.
- its Scope Control determines the users and Workspace Containers for whom the Administrative Role can edit objects in the Workspace Control Console. This is based on the Access Control and Workspace Control set on those objects.
- the Access Control and Workspace Control set on the Administrative Role determine which users get the Administrative Role in which locations for which specific time period and Workspace Containers.
- Administrative Roles can also be selected as part of Access Control on applications and settings. This allows you to use Administrative Roles to create custom groups of users, independent of the groups available in the available Directory Services. Remember to use a very restricted set of permissions for Administrative Roles used in this way.
- You can achieve more granular delegation of control by assigning different permission levels to a node’s list of objects and its settings for Administrative Roles. For example, a role can have "modify" rights to the Printers tab, but read-only access to the Settings tab and exception tabs for Printers. When upgrading Workspace Control, the same permissions will be applied to both tabs that were assigned to the whole feature, i.e. if Printers had "Read" rights, both tabs will get "Read" rights. When downgrading Workspace Control, the lowest rights will be applied, i.e. if the Printers tab had "Modify" rights and the Settings tab "Read", "Read" rights will be applied to both tabs.