Managing your workspace collaborators with role-based access control

PERMISSION REQUIREMENTS

To perform the tasks in this guide, you must meet one of the following requirements:

• Ensure you are signed in with the workspace root login
• Have either the Admin system role or a collaborator role with Workspace admin privileges

Role-based access control (RBAC) enables workspace admins to define and assign roles with specific privileges to each workspace collaborator.

The following sections are covered in this guide:

• How RBAC works
• How to add new collaborator roles
• How to assign roles to team collaborators
• How to clone roles
• How to delete roles

How role-based access control works

Role-based access control (RBAC) allows you to restrict access to Workato features, functions, and folders based on each collaborator's role.

You can define access based on criteria such as:

• Authority, such as manager versus entry-level
• Responsibility, such as engineer versus Quality Assurance (QA)
• Department, such as IT versus marketing
• Employee type, such as permanent versus contractor

Assigning roles secures your organization's data and applications by limiting access to only what each collaborator needs. Roles also enable you to define the type of access collaborators have for certain features, such as View or Create.

Role types

All Workato accounts include system roles, which you can assign to collaborators.

Additionally, you can add new collaborator roles with specific privileges.

Add collaborator roles

FEATURE AVAILABILITY

Customers on the new pricing model, or those with the Advanced Recipe Management and Operations capability, can create custom collaborator roles. Refer to your pricing plan and contract to learn more.

Creating additional collaborator roles enables you to assign privileges to workspace collaborators with greater granularity than system roles allow.

Complete the following steps to add a collaborator role:

1

Go to Workspace admin > Collaborators > Collaborator roles in your Workato account.

2

Click + Add collaborator role.

Add collaborator role

3

Click Edit (pencil icon) next to New collaborator role to name the collaborator role, and click ✓ Save to confirm your changes.

Name collaborator role

4

Assign privileges to the role from the available options. Refer to the Privileges reference for more details about each privilege.

ASSIGNING PRIVILEGES

Consider the following when assigning privileges:

• New roles include default permissions. By default, new roles have View privileges for recipes, connections, and folders. Clear these privileges if they are not required for the role.

• Some privileges require other privileges. For example, the View folders permission is required to view Recipes and Connections because these are stored in folders.

When a privilege has requirements, these requirements appear when you hover over the privilege:

Autoselecting interdependent privileges

When you select or de-select a privilege with requirements, its dependencies adjust automatically.

5

Click Save changes when finished.

Assigning roles to team collaborators

PREFER VIDEOS?

Watch a quick video overview

Assign roles to collaborators when inviting them to the workspace. You can also change roles at any time.

Clone roles

CLONE ROLES PROGRAMMATICALLY

You can clone roles programmatically through the Workato API.

Cloning a role creates a copy you can modify without affecting the original.

Complete the following steps to clone a collaborator role in Workato:

1

Go to Workspace admin > Collaborators > Collaborator roles in your Workato account.

2

Click the role you plan to clone. This opens the Edit collaborator role page.

3

Click Clone role.

Clone role

4

Rename and modify the copy of the role as needed.

5

Click Save changes.

CLONING AN ADMIN ROLE

You can clone any system or collaborator role in Workato. Cloning the Admin role transfers its unique permissions for managing advanced workspace settings to the new role.

Delete roles

SYSTEM ROLES CAN'T BE DELETED

You can't delete system roles.

We recommend reassigning collaborators to new roles before deleting a role to prevent access issues.

When a role is deleted:

• If Environments is not enabled in the workspace, all collaborators assigned to the deleted role lose access. Assign them to new roles to restore access.

• If Environments is enabled in the workspace, all collaborators with the role lose access to the specific environment where the role was assigned.

For example, a collaborator has access to DEV and TEST environments. In DEV, they're assigned the HR - Dev role and in TEST, the Tester role. If the HR - Dev role is deleted, the collaborator loses access to the DEV environment until they're assigned a new role.

Complete the following steps to delete a role:

1

Go to Workspace admin > Collaborators > Collaborator roles in your Workato account.

2

Click the role you plan to delete. This opens the Edit collaborator role page.

3

Click the Delete button.

Delete role

4

Select Delete collaborator role to confirm your changes.