The user administrator role enables you to centrally create and update user accounts. The role also enables you to add and remove users from workspaces in your organization.
As a user administrator, you can:
- Create an internal user account.
- Enable or disable internal user accounts.
- Add a user to, or remove a user from a workspace.
- Manage visiting user access in your tenant.
- Create, edit, or delete API keys.
Internal users can be assigned the user administrator role. If you're a visiting user, the user administrator role isn't available to you.
User management
You can manage user access to workspaces in three ways:
- A user administrator can create users, add them to workspaces, or delete them from workspaces in Administration.
- A workspace administrator can add or remove users from the Users pane in a model.
- A workspace administrator can import a list of users to add users and update user details in a model.
- A workspace administrator can create a shorter users list subset from the larger Users lists in General lists, which can also be used to control user access within a model.
If a user administrator and workspace administrator input user changes that conflict, the most recent transaction determines the user account status.
To avoid user status conflicts, we recommend that your organization use the User Administrator role to add or remove users. Workspace administrators can then refine model-level access from the Users pane in a model.
Note: If a tenant administrator turns on the user management switch in Administration:
- Only user administrators can add or remove users from the Internal page in Administration. They can also invite or remove visiting users from the Visiting page in Administration.
- Workspace administrators can't add or remove users from within models. They also can't add users through an import. However, they can run an import to update user attributes.
User administrator policy details
The table below displays the resources that a user administrator controls.
| Resource type | CREATE | READ | UPDATE | DELETE |
| Tenant feature setting | ||||
| Exception user | ||||
| Tenant | ||||
| User | ||||
| Package summary | ||||
| Role Membership | ||||
| Model | ||||
| Workspace | ||||
| Package activity report | ||||
| Package | ||||
| API key | ||||
| User package | ||||
| Tenant package | ||||
| Permission | ||||
| Administration | ||||
| Category | ||||
| Entitlement feature | ||||
| Policy | ||||
| Activiation email | ||||
| Role | ||||
| SCIM API |
