Role-based access control

Role-based access control helps you manage who has access to resources, what they can do with those resources, and what areas they can access.

Spinpanel roles and administrators

Spinpanel roles provide fine-grained access management for Spinpanel, Partner Center, Azure, and Microsoft 365 resources in a multi-tenant way.

What can I do with Spinpanel roles?

Here are some examples of what you can do with Spinpanel roles:

  • Allow one user to manage licenses and another user to view reports.
  • Allow a group of users to manage a subset of organizations.
  • Allow a user to manage licenses in another organization.
  • Allow a user to manage all resources in a resource group.

How Spinpanel roles work

You control access with Spinpanel roles by assigning roles to individual users or a group of users. This is a key concept to understand: it's how permissions are enforced. A role assignment consists of three elements: members, role permissions, and scopes.

  • Members
    Members can be individual users or a group of users. A group can include specific members in a Spinpanel user or device group, an Azure security group, or a Microsoft 365 group.
  • Role permissions
    Each role represents a collection of permissions. Role permissions list the operations that can be performed, such as read, write, and delete. Roles can be high-level, with a complete collection of permissions, like administrator roles, or specific, with a limited collection of permissions, like user roles. Spinpanel includes a documented set of built-in roles.
  • Scopes
    Scopes are the set of resources that the access applies to. In Spinpanel you can specify a scope at three levels: Administrative unit, Organization, or Resource groups. Scopes are structured in a parent-child relationship, where members can have access to a role in their own organization, or to a role in an organization that they manage.

Role assignment

Role assignment is the process of attaching a role to individual users or a group of users for the purpose of granting access. Access is granted by assigning a role, and access is revoked by removing a role assignment.

Multiple role assignments

If an individual user or a group of users has multiple overlapping role assignments, the sum of the assignments determines the access a member has.
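
The following added example (not Spinpanel code or its API) models the three elements of a role assignment and the additive rule above, so you can audit what a member can actually do at a given scope. The role names, permission strings, scope names, and the rule that an assignment at a parent scope reaches its child scopes are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: role names, permissions and scopes are assumptions,
# not Spinpanel's built-in roles or identifiers.
ROLES = {
    "License Manager": {"licenses/read", "licenses/write"},
    "Report Reader": {"reports/read"},
}
# child scope -> parent scope (assumed nesting of the three scope levels)
SCOPE_PARENT = {
    "org:north": "au:emea",
    "org:south": "au:emea",
    "rg:north-prod": "org:north",
}
GROUPS = {"helpdesk": {"alice", "bob"}}

@dataclass(frozen=True)
class Assignment:
    member: str  # "user:<name>" or "group:<name>"
    role: str
    scope: str

def scope_chain(scope):
    """Yield the scope itself, then each ancestor up to the root."""
    while scope is not None:
        yield scope
        scope = SCOPE_PARENT.get(scope)

def applies_to(assignment, user):
    """True if the user is the member, or belongs to the member group."""
    kind, _, name = assignment.member.partition(":")
    if kind == "user":
        return name == user
    return kind == "group" and user in GROUPS.get(name, set())

def effective_permissions(user, scope, assignments):
    """Sum (set union) of permissions from every assignment reaching scope."""
    reachable = set(scope_chain(scope))
    perms = set()
    for a in assignments:
        if applies_to(a, user) and a.scope in reachable:
            perms |= ROLES[a.role]
    return perms

ASSIGNMENTS = [
    Assignment("user:alice", "License Manager", "org:north"),
    Assignment("group:helpdesk", "Report Reader", "au:emea"),
]
```

Because the model is purely additive, the only way to reduce a member's access is to remove an assignment, including any inherited through a group or a parent scope.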