BlueXP platform access roles
Suggest changes
PDFs
Assign platform roles to users to grant permissions to perform administration tasks in BlueXP, assign roles, add users, create Connectors, and manage federations.
XYZ Corporation organizes data storage access by region—North America, Europe, and Asia-Pacific—providing regional control with centralized oversight.
The Organization admin in XYZ Corporation's BlueXP creates an initial organization and separate folders for each region. The Folder or project admin for each region organizes projects (with associated resources) within the region's folder.
Regional admins with the Folder or project admin role actively manage their folders by adding resources and users. These regional admins can also add, remove, or rename folders and projects they manage. The Organization admin inherits permissions for any new resources, maintaining visibility of storage usage across the entire organization.
Within the same organization, one user is assigned the Federation admin role to manage the federation of the organization with their corporate IdP. This user can add or remove federated organizations, but cannot manage users or resources within the organization. The Organization admin assigns a user the Federation viewer role to check federation status and view federated organizations.
The following tables indicate the actions that each BlueXP platform role can perform.
Organization administration roles
| Task | Organization admin | Folder or project admin |
|---|---|---|
Create Connectors |
Yes |
No |
Create, modify or delete working environments (add or discover new resources using the BlueXP canvas) |
Yes |
Yes |
Create folders and projects, including deleting |
Yes |
No |
Rename existing folders and projects |
Yes |
Yes |
Assign roles and add users |
Yes |
Yes |
Associate resources with folders and projects |
Yes |
Yes |
Associate Connectors with folders and projects |
Yes |
No |
Remove Connectors from a folders and projects |
Yes |
No |
Manage Connectors (edit certificates, settings, and so on) |
Yes |
No |
Manage credentials from Settings > Credentials |
Yes |
Yes |
Create, manage, and view federations |
Yes |
No |
Register for support and submit cases through BlueXP |
Yes |
Yes |
Use data services |
Yes |
Yes |
View the BlueXP timeline and notifications |
Yes |
Yes |
Federation roles
| Task | Federation admin | Federation viewer |
|---|---|---|
Create a federation |
Yes |
No |
Verify a domain |
Yes |
No |
Add a domain to a federation |
Yes |
No |
Disable and delete federations |
Yes |
No |
Test federations |
Yes |
No |
View federations and their details |
Yes |
Yes |