Workspace ONE Access uses role-based access control to manage administrator roles. With roles-based access control, you create functional roles that control admin access to tasks in the Workspace ONE Access console, and assign the roles to one or more users and groups.

Three predefined administrator roles are built in to the Workspace ONE Access service. You can assign these predefined roles to users and groups in your service. You cannot modify or delete these roles.

You can also create custom administrator roles that give limited permissions to specific services in the Workspace ONE Access console. Within the service, specific operations can be selected as the type of action that can be performed in the role.