Access management

With the Sitecore Cloud portal, you can access organizations and tenants (also known as apps), and manage users and their roles.

A user, or team member, is anyone who belongs to one or more organizations. Organizations can have multiple tenants. Every user has an organization role and a tenant role.

Note

Roles are assigned to users when someone invites them to Content Hub ONE, but those roles can be modified later by anyone with sufficient permissions.

Organization roles

At the organization level, there is an Organization Owner role that allows users to oversee access and organization management, and to access all tenants in the organization. This user can invite new users, assign roles, and manage admin settings at the organization and portal level. An Organization Owner can assign the owner role to other users. We strongly recommend that you have more than one Organization Owner.

There are two other organization roles:

  • Organization Admin, who manages users and has access to all tenants. They can invite new users to the organization, assign roles, and manage organization settings, but can't manage Cloud portal settings or organization owner settings.

  • Organization User, who can only access a specific tenant within an organization, and has no responsibility for the management of users or the organization as a whole. Each Organization User is assigned a role for each tenant they have access to.

Note

A user cannot change their own organization role or remove themselves from an organization.

Tenant roles

For each tenant, an Organization User can be assigned one of the following roles: Admin or User. In the following example, Mary has been invited to join the organization as an Organization User. She can access two Content Hub ONE tenants.

For each tenant, she has been assigned a different role:

  • For the SUGCON US instance, she has the Admin role, which makes her an Administrator in Content Hub ONE for that tenant.

  • For the SUGCON EU instance, she has the User role, which makes her an Editor in Content Hub ONE for that tenant.

Note

To remove a user's access to a specific tenant, their role for that tenant is No access.

Content Hub ONE roles

A user can be assigned one of the following roles in Content Hub ONE:

  • Administrator, which is usually assigned to content modelers and developers. An administrator can manage content types, taxonomies, content items, media items, locales, and API keys. They can also see OAuth client credentials, invite users to an organization, and create support tickets.

  • Editor, which is usually assigned to content authors. An editor can access a specific tenant within an organization, manage and publish content and media items, and view taxonomies. They cannot invite others to the organization or create support tickets.

Role mapping

The following table summarizes how organization and tenant roles relate to each other and how these roles are applied to a Content Hub ONE tenant. The role you have in Content Hub ONE is determined by the roles you are assigned at the organization and tenant levels. This means, for example, that if you have the Organization User role and the tenant-level Admin role, you are automatically assigned the Administrator role. Likewise, if you have the Organization User role and the tenant-level User role, you are automatically assigned the Editor role.

Organization role

Tenant role

Content Hub ONE role

Organization Owner

n/a

Administrator

Organization Admin

n/a

Administrator

Organization User

Admin

Administrator

Organization User

User

Editor

Organization User

None

None

Do you have some feedback for us?

If you have suggestions for improving this article,