Root,Tenant and Applet Role Functionalities

Root Level Roles

Permission → Assignee → Target

• High level permission

• API Level

• Angular Level

• Group itself possess a role as well: Owner, Admin, Member

• Members inside group possess roles as well

Assignee: User, Group, Role (description)
Target: Branch, Company, Entity

Developer: BLG

• Can manage hostname

• Can manage launchpad panel

• Can manage catalog

• Can manage group

• Can manage team

• Can manage workspace in launchpad

• Can configure permission for user, self created group and self created tenant

• Can install applets from global applet store

• Can assign admin to a tenant, group, team

• Can create a new custom role

• Can remove or add admin

• Can add members into tenant, group, team

• Can create workspace

• Can invite new users to become members

• Can revoke new users’ invitation request

Admin: Other IT companies onboard BLG platform

• Can CRUD hostname

• Can CRUD launchpad panel

• Can CRUD catalog

• Can CRUD group

• Can CRUD team

• Can CRUD workspace in launchpad

• Can configure permission for user, self created group and self created tenant

• Can install applets from global applet store

• Can assign admin to a tenant, group, team

• Can create a new custom role

• Can remove or add admin

• Can add members into tenant, group, team

• Can create workspace

• Cannot remove owner or another admin

• Can invite new users to become members

Member = End users

• Can create workspace

• Can install applets from global applet store

• Can update own profile

• Can invite new users to become members

• Can CRUD hostname

• Can CRUD group

• Can CRUD launchpad

• Can CRUD catalog

• Can RU applet store

• Can R tenant

Guest (demo account)

• Can view launchpad panel but not workspace

• Can view all public catalog and applets in global applet store

• Can view all root level applets functions

Tenant Level Roles

Permission → Assignee → Target

• API Level

• Angular Level

• Team type: Department, Designation, etc.

Assignee: User, Group, Role
Target: Branch, Company, Entity

Owner

• Can create (applet name)

• Can read (applet name)

• Can update (applet name)

• Can delete (applet name)

Admin

• Can create

• Can read

• Can update

Member = members that are added into this tenant

• Can create

• Can read

Guest (demo account)

• Can read only

Applet Level Roles

Permission → Assignee → Target

• API Level

• Angular Level

Assignee: User, Group, Role
Target: Branch, Company, Entity

Owner

• Can create (applet name)

• Can read (applet name)

• Can update (applet name)

• Can delete (applet name)

Admin

• Can create (applet name)

• Can read (applet name)

• Can update (applet name)

Member = Staff

• Can create (applet name)

• Can read (applet name)

Guest (demo account)

• Can read only (applet name)

Group

The owner role

By default, the owner role has the highest level of permissions. Owners can:

• Add or remove other owners.

• Create roles.

• Delete the group.

• Export group memberships and messages. Members with the owner role have the greatest control over the group, so we recommend keeping the number of owners low.

The manager role

The manager role has these default permissions:

• Manage members and moderate content

• Add or remove managers

The member role

Everyone in a group has the member role by default. Features of the member role include:

• Permission to moderate metadata, such as tags, and assign topics in collaboration groups

• Permissions set for the member role are automatically given to all other roles

• Permissions set for the member role are grayed out in the other roles because they’re already applied