Tenant Admin

Role overview

Your Mission: You are the administrator of your organization's instance. Your primary goal is to build the foundation for collaboration by inviting the right people and ensuring they have the correct permissions to do their work.

Why your role is vital: You are the "Enabler". Without your initial setup, Data Architects, Stewards and Owners cannot access the platform to begin creating Data-related elements.

Defining your scope: You manage Users, Groups and Roles, not the data-related elements themselves. You set up the domain-specific process requirements and you empower others to handle the data-related elements.

Your core responsibilities

  • User Management: You are responsible for onboarding your team. You invite new users to the platform and manage their accounts.
  • Access Control: Using Groups and Roles, you define the boundaries of what each user can see and do within your organization's tenant.

Outside your scope

It is not your responsibility to create data-related elements or to govern them. If you want to work with data-related elements themselves, the Data Architect or Data Steward role is likely the right role for you.

Understanding the Authorization Logic

To manage permissions effectively, it helps to understand the authorization model CIVITAS/CORE uses to grant access:

The access logic: Access is always the result of a User being assigned to a Group, which has been assigned to specific Roles.

Scopes: Roles are limited to specific "Scopes" (functional areas). This ensures that users only interact with the parts of the platform relevant to their specific tasks.

→ Deep Dive Authorization Model
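
The access logic above (User → Group → Role, limited by Scope), written out as an added sketch; it is not CIVITAS/CORE code and does not use its API. The sample tenant, the "Viewer" role, the "invite User" permission, the scope identifiers and the rule that a platform-scoped role also applies to every element are assumptions made for illustration.

```python
from dataclasses import dataclass

PLATFORM = "platform"  # platform-wide scope; any other scope names one element

@dataclass(frozen=True)
class Assignment:          # one role granted to one group within one scope
    group: str
    role: str
    scope: str

# Constructed sample tenant; every name below is hypothetical.
ROLES = {  # role -> (kind, permissions)
    "Tenant Admin": ("system", {"invite User"}),
    "Data Steward": ("data", {"read Dataset", "update Data source"}),
    "Viewer": ("data", {"read Dataset"}),
}
MEMBERS = {  # group -> users
    "Administration": {"admin@example.org"},
    "Traffic Monitoring": {"alice@example.org", "bob@example.org"},
}
USERS = {"admin@example.org", "alice@example.org",
         "bob@example.org", "carol@example.org"}
ASSIGNMENTS = [
    Assignment("Administration", "Tenant Admin", PLATFORM),
    Assignment("Traffic Monitoring", "Viewer", PLATFORM),
    Assignment("Traffic Monitoring", "Data Steward", "dataset:traffic-counts"),
]

def effective_permissions(user, scope, assignments=ASSIGNMENTS):
    """Union of permissions reaching `user` via group -> role at `scope`."""
    perms = set()
    for a in assignments:
        in_group = user in MEMBERS.get(a.group, set())
        # Assumption: a platform-scoped role also applies to each element.
        if in_group and a.scope in (PLATFORM, scope):
            perms |= ROLES[a.role][1]
    return perms

def audit(assignments=ASSIGNMENTS):
    """Flag users without a group and a missing platform-wide data role."""
    findings = []
    grouped = set().union(*MEMBERS.values())
    for user in sorted(USERS - grouped):
        findings.append(f"{user}: in no group, so has no access")
    if not any(ROLES[a.role][0] == "data" and a.scope == PLATFORM
               and MEMBERS.get(a.group) for a in assignments):
        findings.append("no group holds a data role with platform-wide scope")
    return findings
```

Running `audit()` on the sample tenant reports the invited user who was never placed in a group; removing the platform-wide "Viewer" assignment additionally reports the missing platform-wide data role.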

Typical administrative tasks

Beyond the initial setup, your day-to-day administration involves:

  • Systematic User Onboarding: Creating users in the UI. Once a user is saved, the system automatically sends a secure invitation email with a login link.
  • Structuring the Organization: Building groups that mirror your actual organization (e.g., by Departments, Offices, or specific use cases like "Traffic Monitoring").
  • Scaling Permissions: Assigning roles to entire groups rather than individuals. This is a necessity for maintaining a secure and manageable platform as your team grows.

Your first steps

To get your organization started with CIVITAS/CORE, follow this path:

  1. Familiarize yourself with the User List: Open the User Management section from the sidebar to see an overview of all current members in your tenant.
  2. Familiarize yourself with the standard role set and the difference between system roles and data roles.
  3. Plan out how your organization could be split into logical Groups.
  4. Invite your Core Team: Use the + Create User (+ User erstellen) workflow to invite your to-be Data Architects and Data Stewards so they can begin structuring your data ecosystem.
  5. Assign Roles: Ensure each invited user is assigned to the appropriate Group and Role right from the start.

Best practices & avoiding mistakes

  • Avoid "Tailored" Roles: Never customize a role for a specific individual. Always assign roles to Groups. If an employee leaves, your permission structure remains intact for their successor.
  • Mirror your Org Chart: Building your Groups based on your existing organizational chart makes management intuitive.
  • Make essential assignments: Assign a data role with platform-wide scope to at least one group so that its members can start creating data-related elements (→ Deep Dive Authorization Model).

Key terms to know

To manage your tenant effectively, please review these terms in our Glossary:

  • User: An individual invited to your tenant via their email address.
  • Groups: A way to organize users logically (e.g., "Department A").
  • Roles: A set of permissions that defines a user's functional capabilities (e.g., "Data Steward").
  • Scopes: The organizational or functional boundary within which a specific Group and a specific Role are active. A scope is either the platform or a specific data-related element such as a data structure, data source or Dataset.
  • Permissions: A granular rule that defines a single allowed action within the system, such as "read Dataset" or "update Data source".
  • Authorization: The security mechanism that determines the specific actions a user is permitted to perform based on their assigned permissions.

Deep Dives

Data Architect | Data Steward