Managing workspace roles and permissions

Admin users are assigned roles that reflect their abilities at the workspace level. Granular permissions are assigned to each role.

Coro has three predefined roles, which can’t be edited or deleted:

  • Viewer : Can view content.
  • Administrator : Can view and edit content.
  • Super admin : Can view and edit content. Additionally, super admins can reassign roles to admin users.
note

You can’t remove the last super admin of a workspace.

Permissions are categorized into the following options:

  • No Access : The admin user cannot see or interact with the section.
  • Can View : The admin user can see the section but cannot make changes.
  • Can Edit : The admin user can view and make changes to the section.

The different sections are as follows:

Section Description
Management Set permissions for the workspace section of the Control Panel.
Views Set permissions for the users and devices sections from the toolbar.
Protection Set permissions for enabled modules in the Control Panel. If a new module is enabled, custom and Viewer roles receive Can view permissions. Editor and Super admin roles receive Can edit permissions, and can change the permissions for other roles.
Tickets Set permissions for items related to tickets in the Ticket log and Actionboard.

To access Roles:

  1. Sign into the Coro console .
  2. Navigate to Control Panel > Access Control :

    Access control

  3. Select the Roles tab:

    Roles

Adding a custom role

Coro offers predefined roles for most scenarios, in addition to the option to create custom roles with specific permissions. This allows admin users to have precise access and responsibilities within their workspace.

To add a custom role:

  1. Select + ADD ROLE from the top right:

    Add role

    The Add role dialog appears.

    Add role

  2. Enter a name for the role.
  3. Select the desired permissions for the role.
    Section Description Permissions
    Management Set permissions for the workspace section of the Control Panel. No access, Can view, Can edit.

    For the Admin users item, edit options include: Add, Edit, Remove, Manage Content Permissions, Delete 2FA data
    Views Set permissions for the users and devices sections from the toolbar. No access, Can view, Can edit
    Protection Set permissions for enabled modules in the Control Panel. If a new module is enabled, custom and Viewer roles receive Can view permissions. Editor and Super admin roles receive Can edit permissions, and can change the permissions for other roles. No access, Can view, Can edit
    Tickets Set permissions for items related to tickets in the Ticket log and Actionboard. No access, Can view, Can edit.

    Edit options include: Low impact actions (such as closing or reopening tickets), Medium impact actions (such as requesting a user resign in to an application), Critical impact actions (such as suspending a user from an application aand device remediation actions), Comment on tickets

Managing custom roles

Admin users with sufficient permissions can manage custom roles. This includes editing, deleting, and duplicating the role. These actions can be taken from the three-dot menu next to the relevant role:

Role actions

Editing roles

Roles can be edited to change their name and permissions.

Duplicating roles

Roles can be duplicated. When duplicating a role, the new role inherits the permissions of the original role, which can then be edited.

Deleting Roles

Roles can be deleted. You can’t delete a role that has admin users currently assigned to it. Assign other roles to those users before deleting the role. Super admins can assign a new role from the Admin users tab.