User roles and types

Edit online

Each Aspera on Cloud user has a role, type, and status; these attributes help define the activities permitted to each user.

The Aspera on Cloud user roles, types, and statuses are:

  • Global roles
    • Organization administrator
    • ATS (Aspera transfer service) administrator
    • User
  • Workspace roles
    • Workspace manager
    • Member
  • User types
    • Standard
    • Limited
  • User status:
    • Active
    • Pending
    • Deactivated

Administrators can filter the AoC user listing by role (org admin, ATS admin, user), by type (standard, limited), by authentication method (IBMid, SAML, Google), and status (active, deactivated, pending). Go to Users in the Admin app.

Organization administrator

There may be one or more administrators in an organization. An administrator is a member of the organization and may or may not be a member of a workspace.

Users assigned this role can do the following across the entire organization:

  • Configure authorization (OAuth, SAML, etc.) settings for the organization.
  • Configure branding for the organization and for workspaces.
  • Configure and manage nodes and storage.
  • Share content from configured nodes to Aspera on Cloud users.
  • Delete content from configured transfer nodes.
  • Monitor all activities.
  • Monitor all transfers.
  • Create, manage, and delete workspaces, including shared inboxes.
  • Assign the administrator role for the organization.
  • Assign the manager role for a workspace.
  • Create, manage, and delete users, outside users, and groups.
  • Assign the owner and manager roles for groups.
  • Configure email notification templates (globally, per workspace, and per shared inbox).

ATS (Aspera transfer service) administrator

Note: A user must be an Aspera on Cloud administrator to be assigned this role.

There may be one or more ATS admins in the org. An ATS admin is an org admin and may or may not be a member of a workspace.

A user can be assigned the ATS admin role in either of two ways:

  • Be the initial creator of an Aspera on Cloud organization.
  • Be assigned the role by an existing ATS administrator.

An ATS admin has these additional administrative privileges:

Workspace manager

A workspace manager is a member of a workspace with certain management privileges in that given workspace. This is an optional role in a workspace, since administrators can manage workspaces as required. Any number of user accounts can be designated as manager for a given workspace.

Note: The organization administrator configures the initial manager for a given workspace. Users with workspace manager privileges can grant and revoke that role for other workspace members.

Users assigned this role can do the following for the managed workspace only:

  • Edit the workspace profile, including branding, description, and naming.
  • Add, manage, and remove workspace members, including granting and removing manager privileges.
  • Create and manage groups.
  • View workspace activity.
  • In the Packages app, create, manage, and delete shared inboxes (including metadata and shared inbox members).
  • In the Files app, share folders from storage to one or more workspace members (requires node secret).
  • If specifically granted by the org admin:
    • Manage settings for the Files and Packages apps in that workspace.
    • Configure email notification templates and delivery options.
See also Delegate to a workspace manager.

Standard user

Standard users have membership in at least one workspace in the organization and can do the following:

  • If the standard user is a member of the Packages app in a workspace:
    • Send content to anyone in their workspace.
    • Get to know about other member of the workspace through the auto-complete function of the Send files window.
    • Download packages or package contents.
    • Invite others to send a package.
    • If Packages app collaboration settings (configured by administrator or workspace manager) permit:
      • Send packages to users outside the workspace and to colleagues without an Aspera on Cloud account.
      • Share files and folders with users outside the workspace and with colleagues without an Aspera on Cloud account.
      • Invite outside users to submit content.
      • If Packages app shared inbox privileges permit, send and receive content using an AoC shared inbox; invite outside users to join a shared inbox .
  • If the standard user is a member of the Files app in a workspace:
    • Share folders with anyone in their workspace.
    • Get to know about other member of the workspace through the auto-complete function of the Share window.
    • Assign access permissions for each folder for each person shared with.
    • Access folders shared with them according to the permission granted by the person who shared.
    • Download from their own Files app (if folder permissions permit).
    • If Files app collaboration settings permit:
      • Upload to their own Files app.
      • Create new folders in their Files app.
  • In Account settings (click the user icon in upper right of the interface, select Account settings):
    • Upload a user image.
    • Manage certain email notification settings.
    • Set a default language for AoC.
    • Set a default application, which opens automatically upon log in.
    • Set a default workspace, which opens automatically upon log in.

Limited user

Limited user are members of an AoC organization who do not have membership in any workspace. They appear in the organization user listing with their type listed as "Limited".

For example, an org admin or ATS admin may have no need for workspace membership. They can complete management tasks from the Admin app and may have no need to access the user functions of the Files or Packages apps.

As another example, when a member of a shared inbox with Add users permission adds a user who does not have AoC membership to the inbox, that user becomes a limited user of AoC. They can send packages to the specific shared inbox, but they do not have membership in any workspaces in the organization.

User status

  • Active: Active users have logged in to the organization at least once.
  • Pending: Pending users have received an invitation to join the organization but have not yet done so. The account remains in the pending state in the user database. The admin can re-invite a pending user.
  • Deactivated: Active or pending users can be deactivated by the administrator. The account remains in the user database, but the user cannot access their account or run API requests. The admin can reactivate a deactivated account.
Note: Deleted users don't appear in the user listing. Usage incurred by users who are later deleted remains recorded in the Activity app, although you cannot filter for the activity of a deleted user. Folders shared by a user remain available even after the user is deleted. But a submission link issued by a user of the Packages app becomes invalid when that user is deleted.