User Roles and Access Permissions
Overview
Within HeadSpin, users can be assigned one of several roles within their organization to streamline their workflow and define their possible actions within the UI. Roles function within HeadSpin following the same basic principles as role-based access control: each role has access permissions assigned for corresponding activities or information within HeadSpin according to job responsibilities and authority. These roles are created and assigned in order to limit potential access to sensitive information. HeadSpin has three default roles to which a user can be assigned, which will be elaborated on within this article. As a general rule, modifying roles and access permissions are tasks best left to HeadSpin admins; if you want to create additional custom roles within your organization, please contact your HeadSpin administrators.
Default Roles and Teams
The three default roles in HeadSpin, in order of ascending scope and power, are:
- Team Member
- Admin
- Org Owner
HeadSpin also uses an organizational unit of Teams to separate and organize users so that certain teams will have access to specific devices or be blocked from using specific devices. For larger organizations, or organizations working across several departments in their internal structure, this method of sorting users and devices into assigned teams can greatly cut down on confusion, overlap, or miscommunication made regarding which devices are available for testing, as well as make it easier for users to track down their test data from HeadSpin testing sessions. Every organization within HeadSpin is given a “Default” team upon its creation; this team will contain every user within the organization.
A user’s role is visible from any page of the HeadSpin UI, displayed next to the user’s name and organization in the upper-right corner of the page.
Team Member Role
The role of Team Member could be considered the basic user’s account on HeadSpin and is certainly the most common role assigned in HeadSpin. Team Member makes a user a part of an organization’s default team, effectively granting them access to the HeadSpin UI and analysis tools. Devices must be manually assigned to a team by someone of a higher access control level, but if any devices are assigned to the default team, these would also be visible. A Team Member can be assigned to new teams by a user with the Org Owner role. A single user can be a member of multiple teams, and all users will always be a member of the default team at minimum. Any devices attached to the team(s) the Team Member is part of will be visible to that user and available for testing, reservations, etc.
Note that a Team Member’s visibility and mobility is also heavily tied to their team. If you do not assign a Team Member to a team, they will likely be unable to access any devices. Org Owners (discussed below) are strongly encouraged to verify that the correct devices and hosts are added to a team before adding users in order to avoid confusion.
Admin Role
The role of Admin has authority and access between Team Members and Org Owners. An Admin has all the same access rights as a Team Member as well as some administrative abilities to assist in managing users within the organization. Admins are able to see all users in their team and can remove users from the team, invite new ones to an organization (specifically to become a member of the Admin’s team) via email, and promote users to Admin or demote users to Team Member roles. The Admin role is still restricted to access only the devices and hosts visible via their team, just like a Team Member. An Admin’s position in the access hierarchy takes a little pressure off users with the Org Owner role by allowing Admins to take ownership of some of the tasks regarding assignment and movement of users within teams.
Team Members and Admins have a view in the HeadSpin UI called 'Team Settings'. This is the top tab in the navigation bar.
Org Owner Role
Org Owner is the most powerful role in HeadSpin with the broadest scope and highest access level. Org Owners are able to view all teams, all users, all devices, as well as host machines, other Org Owner users, and SSO and login settings. Org Owners also have the ability to create new teams, create new users, and assign users to teams and roles; they can also remove these organizational objects. In having permissions to create teams, Org Owners also have the ability to assign hosts and devices to teams and modify already existing teams. The default Org Owner is usually the account owner in communications with the HeadSpin team when a contract is established, but Org Owners can also grant the Org Owner role to other users, and can transfer these permissions entirely if they so choose. It is recommended that if an Org Owner is leaving the company, that Org Owner grant another user Org Owner access and the access is confirmed before that user is removed from the organization.
For Org Owners, the Team Settings tab is replaced with the 'Org Dashboard' tab:
Conclusion
Generally speaking, all users have the same testing capabilities within the platform, although this can be fine-tuned if necessary (again, speak with your HeadSpin administrators for more details.) The primary access controls implemented and managed by you within HeadSpin are defining which users can access which devices.
For quick reference, the table below outlines the roles and their responsibilities in brief: