Key elements and roles in Aspera on Cloud

This article describes the elements of your Aspera on Cloud organization, including workspaces and applications, along with key roles like organization admin, ATS admin, standard and limited users, and so on.

Key elements

The following table summarizes the key elements of IBM Aspera on Cloud (AoC).

Element Definition
Subscription

Each subscription has one owner.

A subscription may contain one or more organizations.

A subscription is a billing/business entity rather than a logical software entity.
Organization

One or more per subscription.

The organization is the primary container and administrative unit.

An org contains one or more workspaces; a workspace is the primary element in which users collaborate.

Certain configurable settings at the organization level are inherited by workspaces; for example, branding (logos, etc.) and email templates.

Applications
Applications in Aspera on Cloud are:
  • Admin
  • Files
  • Packages
  • Activity
  • Automation

Admin app

The Admin app is automatically enabled for every organization admin. Relevant portions of the Admin app are automatically available to users who have been granted workspace manager privileges.

Files and Packages apps

Files and Packages apps can be individually enabled/disabled for the organization by the organization administrator. The org admin can also configure these apps at the global level. Global settings are inherited at each workspace in the org; inherited settings can be customized at each workspace. See 'Hierarchy and Inheritance' below.

Each app enabled at the org level can be enabled and configured at the individual workspace level.

Applications enabled for a given workspace are available for all workspace members.

A new member of the workspace automatically gains access to the apps enabled in that workspace.

Activity app

When the Activity app is enabled in the organization, it can be enabled for specific users. Until you add organization members as members of the Activity app specifically, they cannot see or access the Activity app.

Automation app

When the Automation app is enabled in the organization, it can be enabled for specific users. Until you add organization members as members of the Automation app specifically, they cannot see or access the Automation app.

Workspace

One or more per Aspera on Cloud organization.

A workspace is the digital space in which teammates collaborate.

The workspace contains a team of AoC users working together -- on a given project, for example, or perhaps in a department or division -- along with their files, folders, and packages.

Users in a workspace can freely collaborate with other members of the same workspace. However, they need specific permissions to collaborate with users outside the workspace. See 'Collaboration: Open or Closed?', below.

The packages, files, and folders in one workspace are completely separate from those in another workspace.

An individual user may have membership in more than one workspace, and may have different permissions and access in one workspace compared to another. However, they cannot move files and folders from one workspace to another.

The org admin can delegate certain workspace-level administrative tasks to a workspace manager. See 'Delegating to a Workspace Manager' below.

Packages app

The Packages app enables app members in a workspace to send digital packages (collections of files and folders) to other people using an intuitive, email-like interface. Files and folders to send can reside on any connected local, remote, or cloud storage, including files and folders in the Files app.

A Packages app member in a workspace can freely send packages to other workspace members. With proper permissions, the member can send packages to AoC users outside the workspace, or to people who do not have an AoC account.

A Packages app member in a workspace can also send a digital package to a shared inbox in the workspace, provided that the member has 'Send' permission to the shared inbox.

The Packages app also provides a 'file request' capability, which allows members to send an email inviting the recipient to send a digital package. The email contains a link (called a submission link) that allows the recipient to use IBM Aspera's high-speed transfer technology to send the folders and files requested. Admins can enable or disable this feature based on user type (workspace member or workspace manager).

The Packages app provides each app member several sortable, filterable lists of packages:
  • My Inbox presents packages received by the user as an individual, as opposed to packages sent to a shared inbox.
  • Sent presents packages sent by the user.
  • Archived presents received packages that the user has moved from the Inbox.
  • Deleted/Expired is the listing of (1) sent packages that the sender later deleted, and (2) packages that expired due to an applied policy. In both cases, the contents of the package are no longer available, although package details and transfer statistics are still viewable by clicking the package row.
  • A Packages app member may be a member of one or more shared inboxes in the workspace; the shared inbox listing presents packages sent to the shared inbox. See 'Shared inbox' below for more details.
Digital package

A feature of the Packages app, a digital package is composed of one or more files and folders, collected by a user to send to someone else. Once sent, the package is an immutable 'master' copy of the transfer, enabling an auditable trail of senders, recipients, and content.

Shared inbox

An optional feature of the Packages app in a given workspace, a shared inbox is a collection of users with shared access to the digital packages sent to the shared inbox.

A shared inbox allows users to send content directly and simultaneously to all members of the shared inbox without having to address it to particular users or user groups. A shared inbox is similar to an email distribution list, and includes an easily accessible, filtered listing of packages sent to the inbox.

A shared inbox is created by the AoC administrator or workspace manager, who designates members of the shared inbox from among the workspace members, then assigns each member one or more permissions to the inbox. Shared inbox permissions include:
  • Send: can send packages to the shared inbox.
  • Receive: can browse and download all packages sent to the inbox.
  • Add users: can add a new member to the inbox, granting them Send permission only.
Each shared inbox member can have one or more permissions to the inbox.

An individual user in the workspace may have membership in one or more shared inboxes, or in none. The user may have different permissions in each shared inbox, and those permissions may differ from the permissions of other shared inbox members.

A workspace member with 'Add users' permission to a shared inbox can invite a user from other workspaces or from outside the organization to become a member of the shared inbox. The invited user has 'Send' permission only to the shared inbox. The invited user is not a member of the workspace, but only a member of the shared inbox. This user becomes a limited member of the organization.

Files app

The AoC Files app allows users in a workspace to access a collection of folders. Folders in the Files app may be added by:

  • The administrator, who can make folders from a transfer server available to Files app users in a given workspace.
  • Files app users with permission to upload, who can share their folders with others.
  • Folders shared by other users.

A workspace member with access to the Files app can freely share folders within the app with other workspace members. With proper permissions, the member can share folders with AoC users outside the workspace, or with people who do not have an AoC account.

Files app members with proper permission can upload files and folders from any connected source to the app, and from there share the folder with others. Until the folder is shared, it is visible and accessible only to the user who uploaded it (and to the administrator).

When users share folders with others, they grant each recipient specific permissions to act on the folder and its contents. Permissions presets bundle the atomic content permissions most often used together:

  • Edit (the highest level of permission; it gives a user full control over the item and contains all other permissions)
  • Download (browse folder content, preview supported movie file types, download the folder or its contents)
  • Preview (browse and preview)
  • Upload (create and upload folders and upload files)

Atomic custom permissions are also available:

  • Browse folder contents
  • Upload files and folders to the folder
  • Create or upload an empty folder in the shared folder
  • Download the folder or its contents
  • Rename the folder
  • Preview the movie files in the folder (thumbnail previews of supported image types are always available)
  • Delete or overwrite files and folders in the folder

Users who receive shared access to a folder can in turn share it with others, according to their permission in the workspace and to their permissions to the specific folder. When re-sharing a shared folder, they can grant only the access they have to the folder, or less.
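
The re-sharing rule above (a recipient can pass on only the access they hold, or less) can be modelled as a subset check over the atomic permissions. This is an added example, not IBM's code or API: the permission identifiers, `SharedFolder`, `expand` and `audit` are assumptions chosen for illustration, and workspace-level collaboration settings are not modelled.

```python
# Illustrative model; identifiers are assumptions, not Aspera on Cloud API names.
ATOMIC = frozenset(
    "browse upload create_folder download rename preview delete".split())
PRESETS = {
    "edit": ATOMIC,  # highest level: contains all other permissions
    "download": frozenset({"browse", "preview", "download"}),
    "preview": frozenset({"browse", "preview"}),
    "upload": frozenset({"create_folder", "upload"}),
}

def expand(perms):
    """Resolve preset and atomic names into a set of atomic permissions."""
    out = set()
    for name in perms:
        if name not in PRESETS and name not in ATOMIC:
            raise ValueError(f"unknown permission: {name}")
        out |= PRESETS.get(name, frozenset({name}))
    return frozenset(out)

class SharedFolder:
    def __init__(self, owner):
        # Assumption: the uploader holds every atomic permission.
        self.grants = {owner: ATOMIC}

    def share(self, granter, recipient, perms):
        """Grant perms to recipient, refusing anything the granter lacks."""
        wanted = expand(perms)
        held = self.grants.get(granter, frozenset())
        if not held or not wanted <= held:
            raise PermissionError(
                f"{granter} may not grant {sorted(wanted - held)}")
        self.grants[recipient] = self.grants.get(recipient, frozenset()) | wanted
        return self.grants[recipient]

def audit(records, owner):
    """Replay (granter, recipient, perms) records; return the ones refused."""
    folder, refused = SharedFolder(owner), []
    for rec in records:
        try:
            folder.share(*rec)
        except PermissionError:
            refused.append(rec)
    return refused

# Constructed sample: bob holds Download, so his Edit grant to carol is refused,
# and carol, holding nothing, cannot share onward to dave.
SAMPLE = [("alice", "bob", ["download"]), ("bob", "carol", ["edit"]),
          ("carol", "dave", ["browse"])]
```

Replaying an exported list of share grants through `audit` is a quick way to spot any grant that would exceed the granter's own access.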

Files app users can save content they receive in a package in the Packages app directly to their Files app (assuming they are members of both apps in the same workspace).

Shared folder

A feature of the Files app.

Files app users with appropriate permissions can upload a folder from their own local or remote storage and share it freely with other Files app members in the same workspace, granting access permissions to each recipient as required.

The recipients of the shared folder can then access it according to the permissions granted, and in turn share the folder with others, granting the same access permissions they have (or fewer) to their recipients.

With proper permissions, the workspace member can also share the folder with AoC users outside the workspace, or with people who do not have an AoC account -- again, granting to their recipients the same access permissions they have (or fewer).

With proper permissions, workspace members can use a public link to share a folder with outside users, which allows recipients to access the folder without having to log in.

Org administrators or workspace managers can share folders directly from a node or storage to workspace members, sharing with all members or with specific members, and granting access permissions to each recipient as required. Such administratively-shared folders can be controlled by anyone with admin credentials.

Activity app

The Activity app gives app users deep insights into real-time and historical transfer usage and activities. Users can filter and display data along a number of axes: transfer usage per org, per workspace, per node, per user. App users can monitor transfer activity in real time, collect historical data to identify trends, monitor events and user activity to enhance security, and export reports for all of the above.

Automation app

The Automation app in Aspera on Cloud lets you create automated workflows that initiate file transfers, integrate with external web services via API calls, and send event-driven email notifications to users. Automation monitors your file storage system for event triggers; for example, a specific date and time can initiate a transfer, and a file upload to a shared folder can trigger an email notification.

The Job Queue page in the Automation app allows you to easily monitor all running and completed workflow jobs.

Key roles

The following table summarizes the key roles in IBM Aspera on Cloud.

Role Definition
Subscription Owner

Responsible for all the usage charges incurred within the subscription.

Organization administrator

The master role in the organization; one or more per org. For the organization:
  • Configures all security, authorization, branding, notifications; registers API clients.
  • Enables and configures apps.
  • Creates and configures workspaces. May delegate certain configuration responsibilities for a given workspace to a workspace manager, whose responsibilities and privileges are applicable to that workspace only.
  • Monitors, manages, and reports on usage and transfer activities.
  • Configures existing transfer servers to support the AoC organization. May delegate these responsibilities to the infrastructure administrator (future).
For users:
  • Creates and configures users and groups; user membership in groups, workspaces, and shared inboxes; user access to enabled apps; assigns user roles. May delegate some responsibilities to the workspace manager.
For applications:
  • Enables and disables apps for the org and for individual workspaces; configures app settings globally and for workspaces; manages app members in each workspace. May delegate some of these responsibilities in a given workspace to a workspace manager.
For workspaces:
  • Configures branding; members; security; event notifications; usage monitoring. May delegate these responsibilities in a given workspace to the workspace managers.
  • Enables and configures apps for each workspace. May delegate these responsibilities in a given workspace to the workspace managers.
For shared inboxes (if any) in the Packages app in a workspace:
  • Configures membership and access permissions; metadata fields, collaboration settings; package expiration policies; notifications. May delegate these responsibilities to the workspace manager.
Transfer service administrator (ATS admin)
An organization administrator with additional privileges that enable the following activities:
  • Create a transfer service node.
  • Convert a trial subscription to a paid subscription.

This role is automatically granted to the user account that first registers for a trial subscription to Aspera on Cloud.

An existing ATS administrator in the organization can add transfer service admin privileges to an organization admin.

Workspace manager

Optional role created by the organization administrator.

For a workspace, configures branding; manages members (including groups); configures and controls event notifications; monitors usage. For Files and Packages apps in the workspace, configures collaboration settings and URL styles. For Packages app, manages shared inboxes and members, package expiration policies, package security. For Files app, manages shared content.

An organization admin can allow or disallow workspace managers' ability to change certain collaboration settings.

User

A standard user is a member of the AoC organization. This user has membership in at least one workspace in the organization.

Limited user

Limited users are not members of the AoC organization, although they do have login credentials to the org.

AoC creates a limited user when a standard user sends an authenticated file request (also called a submission link) to an outside user, inviting that outside user to submit a digital package to a shared inbox. The invited user must create an account and log in to AoC to respond to the invitation; this user becomes a limited user in the organization, with authenticated access to that shared inbox only, without workspace membership.

In addition, an organization admin creates a limited user when configuring any org member with no workspace membership.