Roles
In the Sitecore Cloud Portal, you can assign different roles to a person to control their access to apps and features. There are two types of roles in the portal:
-
Organization role - determines if you can invite others to the organization, assign roles, and perform other admin tasks.
-
App roles - determine which apps a team member can access and their role in each app. Each Sitecore product has a unique set of app roles.
People with the Organization Owner or Organization Admin role automatically have the highest role in all apps in the organization.
Organization roles
Your organization role determines your default app access and your ability to manage team members and your organization's settings.
You assign an organization role to a person when you invite them to your organization and can change a team member's role from their details page.
A team member cannot change their own organization role or remove themselves from an organization.
-
Organization Owner - always has the highest role in all apps. Can invite new team members and make them an Organization Owner, Organization Admin, or Organization User and manage the organization's settings.
-
Organization Admin - always has the highest role in all apps. Can invite new team members and make them an Organization Admin or Organization User and also manage the organization's settings.
-
Organization User - only has access to assigned apps. Cannot invite other team members or modify their role and cannot manage the organization's settings.
Organization Owner
When an organization is created, Sitecore sends an email invitation to the assigned organization owner. This person has the Organization Owner role, which means they can invite other team members to the organization.
To add more Organization Owners, you must be an Organization Owner.
We strongly recommend that you have more than one Organization Owner, in case one of them leaves the organization unexpectedly or cannot log in to their account. If your Organization Owner plans to leave, they must first assign a new Organization Owner.
An Organization Owner has full power over the organization and can do everything related to access management and organization administration. They always have the highest app role in all apps in the organization.
Organization Admin
An Organization Admin is nearly identical to an Organization Owner, however, they cannot manage Organization Owners. They always have the highest app role in all apps in the organization.
Organization User
An Organization User uses the Sitecore Cloud Portal to access their organization's DXP products. They cannot perform any access management or organization administration.
Organization Users only have access to the apps that an Organization Admin or an Organization Owner assigns to them. By default, they do not have access to any apps.
To give an Organization User access to an app, an Organization Owner or Organization Admin must assign them an app role in the specific app.
Organization role capabilities
The following table shows the capabilities available for each organization role:
Capability |
Organization Owner |
Organization Admin |
Organization User |
---|---|---|---|
Access all apps in the organization |
|
|
|
Access only apps where they have a specific app role |
|
|
|
|
|
| |
Change the organization role and app roles of other team members |
|
|
|
Change their own organization role or app roles |
|
|
|
Assign the Organization User role |
|
|
|
Assign the Organization Admin role |
|
|
|
Assign the Organization Owner role |
|
|
|
|
|
| |
Remove themselves from the organization |
|
|
|
|
|
| |
|
|
| |
Access the XM Cloud Deploy app |
|
|
|
Use the Common Audit Log's Webhook REST API |
|
|
|
|
|
|
App roles
An app role determines whether an Organization User can access a specific app, and what they can do in that app.
By default, an Organization User does not have access to any apps in the organization and needs to be assigned app roles. People with an Organization Admin or Organization Owner role automatically have the highest role in all apps.
Each Sitecore product can have different roles, and depending on the app role assigned, a team member might have limited or no access to certain features within an app.
Use the following links to learn more about app roles for specific Sitecore products: