Overview
Surface Command offers the role-based access control capability by utilizing the roles mechanism in the Command Platform. This RBAC mechanism provides a way to limit access to features within Surface Command, but does not discriminate based on data.
The basic mechanism is explained at Manage Command Platform users with role-based access control (RBAC) | Insight Platform Administration Documentation so this article explains how it applies to Surface Command.
Roles
Default Role
Out of the box, a new Surface Command tenant is given a built-in default role:
Users in this role can access Surface Command with full admin privileges.
Custom Roles
To provide limited access to Surface Command, a platform admin will need to create a custom role that has one or more of the following permissions associated with it:
Example
For example, to provide some users with read-only access, create a role like this:
and then assign users to this role.