# Managing Your Workspace Collaborators With Role-Based Access Control


To perform the tasks in this guide, you must meet one of the following requirements:

The ability to assign granular, comprehensive roles to workspace collaborators is essential to working in a workspace.

Role-based access control (RBAC) is a key feature of Workato Collaborators that allows workspace admins to fully define the permissions of every collaborator in the workspace through the creation of custom roles.

In this guide, we'll cover:

# How Role-Based Access Control Works

Role-based access control (RBAC) allows you to restrict access to Workato features, functions, and folders, based on a team collaborator's role in a team.

Access can be based on the criteria you define, such as:

  • Authority, such as manager versus entry-level
  • Responsibility, such as engineer versus Quality Assurance (QA)
  • Department, such as IT versus marketing
  • Employee type, such as permanent versus contractor

Allowing collaborators to only access the features they need to do their jobs ensures that your organization's sensitive data and applications remain secure. Using roles to control access can be helpful for monitoring activity, but also if there are third parties working in your account.

In addition to controlling access to features in Workato, roles also allow you to define the type of access collaborators have to those features. For example: Collaborators may be able to View connections but not Create them.

# Role Types

All Workato accounts contain a few built-in system roles that can be assigned to collaborators.

You can also create and assign custom roles.

# Creating Custom Roles


Custom roles is available as an add-on. Contact your Customer Success Manager for more info.

Using custom roles allows you to create roles with appropriate privileges for the various people and teams collaborating in your workspace.

To create a custom role:


In your Workato account, navigate to Workspace admin > Roles (opens new window).


Click + Add role.


Name the role by clicking the New role copy in the top-left corner of the page, entering a name, and clicking the checkmark to save.


Using the tabs on the left side of the page, assign privileges to the role. Refer to the Privileges reference for more information about what each privilege does.

When assigning privileges, note that:

  • New roles have a few pre-selected permissions. By default, new roles are automatically granted View privileges for Recipes, Connections, and Folders. If not required for the role, de-select the privileges.

  • Some privileges are interdependent on other privileges. For example: The View folders permission is required to allow viewing Recipes and Connections, as these assets are contained in Folders.

    If a privilege has dependencies, these dependencies will be highlighted when you hover over a privilege:

    Additional role access to features Autoselecting interdependent privileges

    When a privilege with dependencies is selected or de-selected, its dependencies will also be selected or de-selected.


When finished, click Save changes.

# Assigning Roles To Team Collaborators


Get the quick version in this video!

Roles are assigned to collaborators when they're initially invited to the team, but they can also be changed at any time.

# Cloning Roles


Roles can be programmatically cloned through the Workato API.

Cloning a role makes a copy of the role that can be modified without affecting the original.

To clone an existing system or custom role in the Workato app:


In your Workato account, navigate to Workspace admin > Roles (opens new window).


Click on the role you want to clone. This will open Edit role page.


Click the Clone role button in the top-right corner of the page.


Re-name and modify the role as needed.


Click Save changes when finished.


In Workato, you can clone all system and custom roles within your workspace. However, when you clone the Admin role, the unique permissions for managing advanced workspace settings do not transfer to the newly-created role. To grant collaborators the ability to manage workspace settings, they must be assigned to the Admin system role.

# Deleting Roles


Only custom roles may be deleted.

We recommend migrating collaborators to new roles before deleting a role to prevent accidental access issues.

When a role is deleted:

  • If Environments is not enabled in the workspace, all collaborators with the role will lose access to the team. These collaborators must be assigned to new roles before they'll be able to access the team again.

  • If Environments is enabled in the workspace, all collaborators with the role will lose access to the environment where the role was assigned.

    For example: A collaborator has access to DEV and TEST environments. In DEV, they're assigned the HR - Dev custom role and in TEST, the Tester role. If the HR - Dev role is deleted, the collaborator will lose access to the DEV environment until they're assigned a new role.

To delete a role:


In your Workato account, navigate to Workspace admin > Roles (opens new window).


Click on the role you want to delete. This will open Edit role page.


Click the trash can icon in the top right corner of the page.


When prompted to confirm, click Delete role.

Last updated: 3/20/2024, 9:13:08 PM