Skip to content


A role is a collection of permissions that can be assigned to a user or user group. When you assign a role to a user, the user receives all the rights defined for the corresponding role. You can manage the access rights of your employees through role assignments. The "User" tab shows the role assignment, which indicates to which user group the role is assigned.
Standard User group

You can create the following types of roles:

  • App roles
  • Core app roles
  • Custom roles
  • Standard roles

App roles

Each application offers individual roles that grant access to the application. Every application in the Insights Hub can have its own app roles that can be assigned to relevant users. The app roles are either used by Insights Hub for core applications, such as Asset Manager, or by the developer for third party applications.
Roles for other applications will be made available in Settings automatically once the app is bought. For example, you can assign the Visual Flow Creator User role to users via Settings to grant them access to the Visual Flow Creator.

Core app roles

Core app roles are app roles of Insights Hub system tools like Asset Manager or Insights Hub Monitor.
You can identify core app roles with the prefix: mdsp:core.
You can configure core app roles in your tenant to make them available.

Custom roles

Custom roles are flexible roles that you can define.
You can bundle roles from each role category within the custom roles, such as default roles, app roles, or custom roles, into a new role. This feature enables you to assign specific combinations of permissions to both individual users and user groups.

Standard roles

A standard role is a set of app roles.


You can use the core app roles for the assignment of single apps, like Insights Hub Monitor. Please also assign the Launchpad role for accessing apps.

User interface "Roles"

The following screenshot shows the "Roles" user interface:

Create custom roles

① Creates a new custom role

② Opens a core app role configuration window

③ Role details:

- Name of the role

- Description of the role <br/>

⑤ List of all users assigned to the role

⑤ Edits the user assignment to assign or remove users from the role

⑥ Opens selected user information to change their assignments.

Edit assignment screen

The "Edit assignment" screen allows you to assign or remove users from the role. You can filter users according to fixed parameters.
Edit assignment screen

Filter parameter of "Edit assignment"

You can use the "Filter" option and combine the parameters to find a specific user. The following table shows the filter parameters:

Filter Description
Selected Shows all selected users of the "Edit assignment" screen.
Unselected Shows all unselected users of the "Edit assignment" screen.
Changed Shows all changed and unsaved users. The list also highlights changed users.
Unchanged Shows all unchanged users.
Subtenant user Shows all subtenant users.
Global user Shows all global users.

Standard roles

A standard role consists of different permissions to use particular applications in Insights Hub and can be subdivided into the following categories:

  • Administrative access: Full use without restrictions within a tenant. mdsp:core:TenantAdmin, mdsp:core:OperatorAdmin, mdsp:core:DeveloperAdmin
  • Standard access: Restricted use within a tenant. The system manuals of the apps provide detailed information about the permissions. mdsp:core:TenantAdmin, mdsp:core:OperatorAdmin, mdsp:core:DeveloperAdmin
  • Subtenant access: Restricted use as a subtenant user within a tenant. mdsp:core:SubTenantUser

The system manuals of the apps provide detailed information about the permissions.

The following table describes which license you need to utilize the respective default role:

Standard role Role ID
TenantAdmin mdsp:core:TenantAdmin
StandardUser mdsp:core:StandardUser
SubtenantUser mdsp:core:SubTenantUser
OperatorAdmin mdsp:core:OperatorAdmin
DeveloperAdmin mdsp:core:DeveloperAdmin
Developer mdsp:core:Developer

You can find detailed information on each standard role in the following sections:

Assign users to a role

You can assign a user to a role from the "Roles" tab or assign roles to a user from the "Users" tab. For more information about users, refer to the section Managing users.


To assign a user to a role, proceed as follows:

  1. In the left navigation, click "User Management", select "Roles".
  2. Select the required role from the selection list and then click "Edit assignments".
  3. Select the users from the "Edit assignment" list.
  4. You can use the "Filter" option to find the required users faster. For more information about filters, refer to the section Filter parameter of "Edit assignment".
  5. Select or deselect the appropriate checkboxes to assign or unassign users to the role.
  6. Click "Next".
  7. Click "Save" to save the changes and then click "Close".


The selected users are assigned a role successfully. The corresponding users have to log in again to make the changes effective.


After reassigning roles, you need to log out and log in again for the changes to take effect.

Create custom roles


To create a custom role, proceed as follows:

  1. In the left navigation, click "User Management", select "Roles".
  2. Click create-user or "Create custom role" to create a new custom role.
  3. Enter a name and description.
  4. Click "Create custom role".


  • A new custom role is created successfully.
  • The newly created custom role appears in the custom role list.
  • You can customize the new role by adding roles, users and user groups.

Configure core app roles

You can enable core app roles in your tenant to use them for finer grained access control.


To enable core app role, proceed as follows:

  1. In the left navigation, click "User Management", select "Roles".
  2. Click core app role settings to open the core app roles configuration window.
  3. Select the core app roles you want to use in your tenant and click "Next".
  4. Click "Save" to save the latest changes and use the core app roles in your tenant.

Disable core app roles

You can also disable a core app role by deselecting it. Disabling a core app role removes the role from all assigned users, user groups and roles. It is important to note that associated permissions granted to your user will be removed.


  • The core app roles are successfully added to your tenant and can be utilized based on your requirements.
  • The core app roles are added to a custom role.

Last update: June 13, 2024