The scope of a role Teamwork Cloud (TWCloud) is the extent of the area to which the role is relevant. There are two scopes of roles: global scope and resource-specific scope. A role whose scope is global does not need a resource assignment in order to accomplish the tasks; for example, a Resource Creator is considered to be a role that is involved in all current and incoming resources, including adding and categorizing resources. Therefore, a Resource Creator can exercise its permissions in any resource by default. A resource-specific scope is usually created for a particular resource, such as Resource Reviewer.

Global scope

A user with a Global scope role can access either general or specific information in TWCloud, such as viewing a user's profile or removing roles from a user. The permissions extend across all resources, protected objects, and users in TWCloud. A global role does not need to be assigned a resource to perform the tasks; for example, a user manager does not need to have a resource assignment to be able to create a new user.

Users with a global role (such as a User Manager who maintains and manages all user accounts in TWCloud) are authorized to carry out their tasks (aligned with the permissions) anywhere within TWCloud. Thus, there is no need to assign any resource to this role.

The following are the preexisting roles whose scope is global in TWCloud, along with their permission(s).


Global-scope rolePermission
Resource CreatorList all resources, categorize resources, and create resources.
Security ManagerList all resources/users and manage user permissions and security roles.
Server AdministratorConfigure server.
User ManagerCreate users, edit user properties, list all users, and remove users.


Custom scope

A custom scope is called Custom scope in TWCloud Admin. The role's permissions apply only to a specific resource. Users with this resource-specific role need a resource in order to perform a class of actions allowed by the role's permissions.

One user can have more than one resource-specific role; for example, user A can be both Resource Contributor in Resource A and Resource Manager in Resource B. This supports the working concept of different roles in each resource in an organization.

The resource-specific scope roles with their permissions in TWCloud are as follows:

Custom scope rolePermission
Resource ManagerAdminister/read/remove resources, edit resources, and their properties, list all users, manage model permissions and manage owned resource access rights.
Resource ContributorEdit resources and their properties, read resources.
Resource ReviewerRead resources.
Resource Locks AdministratorRelease locked elements.

The following figure illustrates the use of roles and their scopes.


A user can have more than one role with different scopes.

Related pages