Hub Services uses role-based access control (RBAC) to manage who can access the services in the Hub Service console and what settings administrators can see and change in the console.
Five predefined administrator access roles can be configured In the Hub Services console Admin Role page.
- Super Admin. The super admin role can access and manage all features and functions in the Hub Service console. Only super admins can assign and manage roles.
- Auditor. The auditor role has read-only permissions to view all pages in the Hub Service console.
- Notification Admin. The notification admin role can create and send notifications, manage the notification list on the Notifications List tab, and edit the Global Settings tab.
- Notification Creator. The notification creator role can create and send notifications from the Notifications List tab. The notifications creator has read-only access to view the Notifications List and the Global Settings tab.
- Notification Auditor. The notification auditor role has read-only permissions to view the Notifications List tab and Global Settings tab in the Notifications page.
You assign roles to Workspace ONE Access user groups. You can assign more than one role to a group.
When a group is assigned more than one role, the behavior of the roles applied is additive. For example, if an administrator is assigned two roles, one as auditor with read-only permission in the Hub Services console and the second role is Notification Admin, the group can view all the Hub Services console pages, and in the Notifications pages, can create, send, and manage notifications.
You see the list of the current admins groups and their roles, change a role, and remove roles from the Admin Roles page.
Users that are assigned Hub Services admin roles access the Hub Services console directly from their Workspace ONE Intelligent Hub web portal. Users click on the user name in the Web portal to select the Manage Hub Experience link.
Hub Services Super Admin Roles
Workspace ONE Access super administrators are automatically super admins in the Hub Services console. The Workspace ONE Access super administrator initially configures the Hub Services super admin role and assigns Workspace ONE Access groups to the role. Members of the group can access and manage all features and functions in the Hub Services console. This includes adding new groups as super admins and adding groups to any of the other admin roles. Members of the Hub Services super admin group do not have access permissions to the Workspace ONE Access console.
Workspace ONE Access non-super administrators are Hub Services auditor admins. They can become Hub Services super admins if they are in a user group that is assigned the super admin role.
Create Roles to Manage the Notifications Service
You can delegate limited access to user groups to access only the Notifications Service pages in the Hub Service Console to manage, create, and send notifications. For example, you can assign the notification creator role to the HR group so that they can create and send HR notifications, and grant the same role to the Support Team group so they can create and send support notifications. You can assign another group to the notifications admin role that gives members of that group access to all settings in the Notifications Service page.