Role-based access control

Role-based access control helps you manage who has access to resources, what they can do with those resources, and what areas they can access.

Spinpanel roles provide fine-grained access management for Spinpanel, Partner Center, Azure, and Microsoft 365 resources in a multi-tenant way.  

How Spinpanel roles work

The way you control access using Spinpanel roles is to assign roles to individual users or a group of users. This is a key concept to understand – it's how permissions are enforced. A role assignment consists of three elements: members, role permissions, and scopes.

Members

Members can be individual users or a group of users. And a group can include specific members in a Spinpanel user or device group, an Azure security group, or a Microsoft 365 group.

Scopes
Scopes are the set of resources that the access applies to. In Spinpanel, you can specify a scope at three levels: Administrative unit, Organization, or Resource groups. Scopes are structured in a parent-child relationship, where members can have access to a role in their own organization or to a role in an organization that they manage.

Role permissions
Each role represents a collection of permissions. Role permissions list the operations that can be performed, such as read, write, and delete. Roles can be high-level, with a complete collection of permissions, like administrator roles, or specific, with a limited collection of permissions, like user roles. 

Role assignment

Add assignments is the process of attaching a role to individual users or a group of users to grant access. Access is granted by assigning a role, and access is revoked by removing a role assignment.  

You can either assign users or groups to a role by selecting the role from Roles and administrators and than clicking the Add assignments button or assign a role to an individual user by selecting a user on the Users page, choosing the Roles option and clicking the Add assignments button. We recommend always assigning roles to users through a group.

On the Roles and administrators page, roles are grouped by category by default. More information about the grouping of roles can be found below.

Role Categories and subcategories

Currently the following categories of roles are available.

  • Azure Active Directory - this group contains roles for managing Azure Active Directory .

  • Command blocks - this group contains roles for managing and working with Spinpanel Command blocks.

  • Partner Center - this group contains roles for managing Partner Center settings and customers in Spinpanel portal.

  • Platform - this group contains roles for managing Spinpanel platform specific features, i.e. roles, groups, price plans, reports but also users.

  • Subscriptions and licenses - this group contains roles for managing products and subscriptions.

It is also possible to group roles by subcategory. As the same subcategory can apply to roles in different categories, this allows you to find the role your looking for from a different angle.