...
To comply with Data Governance and restrict the access to content, the following are User Roles are proposed:
Default roles
Default roles are based on out-of-box roles with a slight change on User, removing some sharing capabilities.
Administrator: Full privileges
Viewer: Can be part of a closed group. Can view content shared with the group or publicly. Can not save content
User: Can upload files, create maps, apps and dashboards. Cannot create groups or share content with the organization.
Publisher: User capabilities plus can share content from desktop to portal, can create groups and share publicly
User Role Privileges
Default Administrator
...
Default Viewer
...
Default User
...
Default Publisher
...
Business Unit roles
Business Unit roles target specific organization needs. It assigns the management of content to Unit Administrator while leaves the Unit Publisher with the capabilities of create content and integrate with desktop applications
Unit Administrator: Can create groups, set group visibility, share with portal and public
Unit Publisher: Default User capabilities plus can share content from desktop to portal. Cannot create groups or share content with the organization.
User Role Privileges
Unit Administrator
...
Unit Publisher
...