Reference | Centralized versus delegated workspaces#

Your workspace structure can vary depending on how you prefer to share content with business users. This article outlines two common structures for setting up permissions and roles for workspaces. You will likely find that the best balance for your organization lies somewhere between the two.

Centralized structure#

In a centralized workspace structure, instance admins:

  • Retain workspace creation (instance) privileges.

  • Grant Publish on workspaces (instance) privileges to project admins. With each new workspace, the instance admin grants someone the workspace admin role, allowing them to autonomously manage workspace membership.

../../_images/workspaces-centralized-structure.png

When you need a new workspace:

  1. The instance admin creates it.

  2. They grant the workspace Admin role to a user who will be in charge of managing workspace membership.

  3. The workspace admin grants the Contributor role to whoever will be publishing content into their workspace and grants the Member role to all other users.

  4. The relevant workspace admin adds any new workspace users to their respective workspaces.

To control how users share content from projects, the instance admin grants Publish on workspaces privileges to a group of project admins. Those project admins are given the Contributor role to the relevant workspaces and publish content from their projects into the workspace.

Pros

Cons

  • Manage the proliferation of workspaces.

  • Tighter control over sharing content from projects.

  • New workspace creation can be bottlenecked through the instance admin.

  • Restrictive content sharing policy.

Delegated structure#

For a delegated structure, the instance admin:

A group of workspace Admins can create and manage any new workspace. This allows

  • Delegates Create workspaces (instance) privileges to a group of users who will administer workspaces. A group of workspace Admins can create and manage any new workspace. This allows them to manage Workspaces — and any associated process — autonomously.

  • Delegates Publish on workspaces (instance) privileges to a group of users who will moderate workspace content.

  • Grants Publish on workspaces (project) privileges to a group of Designers who will be responsible for publishing content into a workspace when it’s ready. These are the users who will be the primary points of contact for any stakeholder questions.

Example of a delegated workspace structure

Project admins grant those same Designers Publish on workspaces (project) privileges in the necessary projects, allowing the Designers to share an object outside of the project.

At the same time, the workspace Admins grant those Designers a Contributor role so that they can publish objects into the relevant workspace.

Pros

Cons

  • Teams and stakeholder groups can autonomously create workspaces as needed.

  • Easy to share content into workspace from a variety of projects.

  • Can lead to a proliferation of workspaces.

  • Harder to manage large numbers of workspaces.