Roles User Guide

The Tehama platform currently defines four base roles: Org Admin, Org Manager, Room Manager and Staff.

This user guide provides information on these four predefined base roles. It provides general information on the capabilities that users with each of these roles has and how these capabilities are dependent on the function/role that the user's organization has in a Tehama Room.

For a more in-depth look at each of these roles, and for information on how to construct your own 'custom roles' from these and add-in 'permission sets', see the Custom Roles and Permissions User Guide.


General Role Information

This section explains what the predefined base roles can do with respect to their own organization.

The following table provides a brief overview of the four base roles in Tehama:

Org Admin Org Managers Room Managers Staff
Has full access Have full access with some exceptions, including visibility of organization usage and webhook administration Has access only to Rooms of which they are a member Can access Rooms they've been added to and approved to access
Has full management capabilities Are able to manage their own organization and add, edit, remove teams, team members and policies but cannot delete the organization Are able to manage Rooms of which they are a member Can edit their own profile, and can access Rooms they've been added to and approved to access
Receives all approval notifications for Rooms and Room membership Receives all approval notifications for Rooms and Room membership Receives all approval notifications for Rooms and Room member ship for Rooms of which they are a member

Note that there is only one Org Admin per organization, but the Org Admin can transfer their role to another member of their organization by selecting another member and making them an Org Admin.

Roles and their permissions vis-a-vis Room management

This section is a bit more complicated and applies to Org Admins, Org Managers and Room Managers and what Room management capabilities they have.

Note that people with the Staff role have no permissions with respect to Room management.

The roles and permissions of Org Admins, Org Managers and Room Managers change for Rooms depending on whether their organization is:

  • Owner+Connected: Their organization created the Room (i.e.: they are paying for it) and connected it (i.e.: they configured the network access for the Room). (Their organization will have both the owner organization icon and the connected organization icon under its name in the Room's MEMBERS tab.)
  • User-only: Their organization has been added to a Room that another organization is paying for and has connected.
  • User+Owner: They've created and are paying for a Room, but it's connected to another organization. (Their organization will have the owner organization icon under its name in the Room's MEMBERS tab.)
  • Connected-only: They've connected the Room that another organization is paying for. (Their organization will have the connected organization icon under its name in the Room's MEMBERS tab.)

The following table outlines the roles and the permissions associated with Room management:

Note, Room Managers only have those permissions in the table below that relate to Rooms of which they are a member.

OWNER+CONNECTED USER-ONLY USER+OWNER CONNECTED-ONLY
Full control/approval of membership and policies Can propose team members for membership to Room Can propose team members for membership to Room Full control/approval of membership and policies
Full control/approval of tools/tool configurations. Can add new tools/tool configurations Do not control tool configurations but set policies
Full control of audit of work No audit Access to audit Full control of audit of work
Full control of connections Can enable/disable the connection option
Multi-GWsMultiple Gateways
- Cannot enable/disable the connection option
Multi-GWsMultiple Gateways

- Can configure/change connectivity mode (Gateway vs internet-only) when option
Multi-GWsMultiple Gateways
is disabled
Org Admin (not Org/Room Manager) can delete audit information Org Admin (not Org/Room Manager) can delete audit information

Note that when referring to the 'connected organization' in a Room, this means either an 'owner+connected' organization or a 'connected-only' organization, depending on the Room configuration. Similarly, when referring to the 'owner organization' in a Room, this means either an 'owner+connected' organization or a 'user+owner' organization.


Assign a Role

You can assign a role, custom or predefined, when inviting a new member to your organization. Follow the instructions in the Add members to an organization section in the Organization User Guide.

You can also assign a role by editing the role of an existing member in your organization. Follow the instructions in the Edit a member's role section in the Organization User Guide.