WHAT’s IN THIS ARTICLE:
Creating content and publishing channels for workplace displays and team communications, along with administrative tasks such as inviting users, registering devices, and configuring resources for room scheduling and space management, are all, naturally, performed in the Appspace console.
Appspace is so versatile as a platform, that one user can do everything necessary to register devices and display beautiful content. In a large organization with many people performing many different functions, the Appspace administrator or Account Owner may assign different roles and permissions to have autonomy over what is published and where.
In this article, we define personas, user roles, and user permissions.
Personas, Roles, & Permissions in Appspace
Personas are figurative models that loosely define users of Appspace. A user may have one or more personas. There are three main user personas of Appspace:
- Viewers – end-users or consumers of published content.
- Creators – authors who create content in the Appspace Library.
- Administrators – who take care of all the user invitations, device registrations, location management, platform configuration, and publishing of content.
A role is a job that a user performs and is assigned to each Appspace user. Each role allows the user to perform specific functions in the Appspace platform and is scoped to an account or location. The title of the role often describes the function of the role such as Portal Administrator or Publisher. A user can be assigned one or more roles, and will also inherit roles from user groups or locations. A persona may have one or more roles.
Permissions are specific access rights or entitlements given to a user of any role, allowing a user to perform specific tasks in Appspace. An example is allowing a user to publish a certain channel by providing him with publishing permissions for a particular channel, although his role is to manage devices. Thus, a role may have one or more permissions.
The principal Account Owner of the Appspace account must first invite users in his organization to the Appspace console. Roles can be assigned during or after the user invitation process. A new user is registered as a Viewer by default.
A viewer cannot access the Appspace console, but will be able to view any channels and content published to them via one of these mediums:
- The Appspace Content Portal, using Appspace login credentials.
- Appspace iPhone or Android app, using Appspace login credentials.
- Enterprise messaging apps such as Slack, Webex Teams, or Microsoft Teams. No need to sign-in if reading content directly in the chat window.
- On a browser using a public link to a channel that is “published to the web”. No need to sign-in.
- On a device running the Appspace App. No need to sign-in.
A content author is categorized as a creator. An author will only be able to access the Library module in the Appspace console, to upload media, create any card from the available templates (Announcement, Room Schedule, Google Slides etc.), and organize all that content with tags and folders. An Account Owner must assign the Author role to a user invited into the Appspace platform.
Authors can only author in the channels assigned to them. If no channel is assigned, the author can only add content to the Appspace Library.
Administrators perform tasks such as platform configuration, device registrations, Appspace App or card theme customizations, as well as device, location, and user management. Administrators can hold any one of the following roles:
- Portal Admin – a system administrator of the Appspace platform in an on-prem environment, with full access to all server settings, accounts, locations, users, devices, channels, content, and analytics data. In a multi-tenancy environment, the Portal Admin has the same access to all locations (networks) in multiple accounts.
- Account Admin – a role with access to all accounts and locations in the Appspace platform in an on-prem environment, but does not have access to the platform system settings. In a multi-tenancy environment, the Account Admin has full access to all locations in multiple accounts.
- Account Owner – when you sign up for an Appspace account, this is the primary role your registered user account is given. The Account Owner is the administrator of one master Appspace account with full access to create content and channels, register and manage devices, invite other users and assign user roles and permissions, create and manage locations, configure themes, and perform various other administrative tasks in the Appspace console, all within his account. In summary, the Account Owner can function as an administrator for his account, Location Admin, Publisher, and Author, all in one.The master Account Owner may assign additional Account Owner roles to other users in his organization. In a multi-tenancy environment, the Account Owner has access to the locations in a single account only.
- Location Admin – locations, previously known as networks, is a means to organize devices, building maps, and users, in the Appspace console, according to geographical locations, in very large organizations. The Location Admin, therefore, is able to register devices and configure these devices, create and organize all maps and floor plans, add device properties or location properties, and assign default channels to the locations under his purview. The Location Admin can also assign other Appspace users with publisher permissions or location admin permissions to any location under his purview if he needs additional help managing these resources.
- Publisher – a user assigned with a publisher role has full control of a channel, the channel properties, and has publishing rights to all the channels under his purview. The publisher:
- manages all channels settings.
- approves content change requests by editors or individual channel publishers.
- is able to add and edit the content in any channel(s) he has access to.
- assigns devices or users to each channel or channel group under his purview.
If the Publisher role is assigned to one or more locations in the Appspace console, the publisher will have the same channel management permissions to all the channels located in those locations. An Account Owner must assign the Publisher role to a user invited into the Appspace platform.
A Publisher (role), is also able to assign any other Appspace user with publishing or editing permissions to one or more channels that the Publisher is managing.
This publishing or editing permissions are specific to each channel and are set in each individual channel’s settings.
- A user with channel publishing permissions is able to approve changes, edit content, and update settings for that specific channel.
- A user with channel editing permissions is only able to add or edit content in that specific channel, and may require content change approval from either one of the publishers.
Appspace Platform Management Workflow
The flowchart below depicts the basic workflow and user roles needed to administer an Appspace account, create content, register devices, or publish content, in a public cloud environment.
Note: In small companies, Account Owners may function as the Location Admin, Publisher, and Author, all-in-one.
An Account Owner or administrator needs to determine the number of administrators and creators needed to manage content, devices, and locations in the Appspace console. The necessity for more than one role will highly depend on the organization’s size, the number of devices deployed, and the necessity for control or simply a check and balance for administrative or publishing tasks.
The administrator must also configure Just-in-Time when SSO is enabled in their organization, to enable users to log in seamlessly to the Appspace console or content portal.
Therefore, based on the structure and requirements of your organization, it is necessary to determine and assign the correct user roles and permissions to ensure users have the right permissions to perform tasks and correctly display the right content on the right devices at the right time.