Home
/
Blog
/
Role Based Access in Microsoft Teams

Role Based Access in Microsoft Teams

Table of Contents

Role-based access in Teams helps you manage user access to store data in your organization. By assigning roles to your users, you can limit what they can see and change in the powerful web application. Each role has a set of permissions that determine what users with that role can access and change within your organization.

What is a Role?

A role defines the set of permissions granted to users assigned to that role. For now, the Microsoft Teams has four built-in roles. They cover some common scenarios for users in your organization involved in managing your rooms.

To see roles, in the left navigation of the Microsoft Teams Rooms managed service portal, go to Roles, and then select any of the roles to see the role’s properties, permissions, and assignments.

Properties: The name, role type, and description
Permissions: Lists features and level of permissions to which the role has access.
Assignments: A list of role assignments defining which users have the configured permissions over the scope of room resource accounts. A role can have multiple assignments, and a user can be in multiple assignments.

Role Based Access in Teams

Something we relied highly on in Skype for Business Server was RBAC. It enabled administrators to give permissions for those who need them without giving “god mode” to everyone within these cloud applications.

Microsoft Teams has several RBAC roles. The following four new custom roles are automatically enabled.

Teams Service Administrator: The overall Teams workload admin, who can also manage and create O365 Groups. This role has access to all the controls available in the Microsoft Teams and Skype for Business admin center and their corresponding equivalents. For example, this role can manage all collaborative experiences, meetings, voice, messaging, and org-wide settings on computers and on their mobile device.
Teams Communication Administrator: This role can manage meetings and calling functionality in Microsoft Teams.
Teams Communications Support Engineering: Users who are assigned this role have access to advanced call analytics tools.
Teams Communications Support Specialist: This role has access to basic call analytics tools. For example, the can view information for the specific users being searched for.

You can assign built-in roles to groups or users without further configuration and developer tools. Keep in mind that you can't delete or edit the name, description, type, or permissions of a built-in role. To create, edit, or assign roles, your account must have one of the following permissions:

Global Administrator through Azure Active Directory (Azure AD)
Managed Service Administrator through the Microsoft Teams Rooms managed service portal

Furthermore, the table below summarizes the informed actions and what each role can do.

features	permission	managed service administrator	SITE LEAD	SITE TECH
Rooms	View	✓	✓	✓
	Modify	✓	✓	✓
	Reset Key	✓
	Download Key	✓	✓	✓
	Unenroll	✓	✓	✓
Group Management	Create	✓
	View	✓	✓
	Modify	✓
Update Ring Management	Create	✓
	View	✓
	Modify	✓
Reports	View	✓	✓
Ticket Management	Create Customer Incident	✓	✓	✓
	View	✓	✓	✓
	Update	✓	✓	✓
Microsoft Teams Rooms Managed Service Settings	View	✓
	Modify	✓
Role Management	View	✓
	Modify	✓

Find out more about admin roles to manage teams here.

Assigning a Role in Microsoft Teams

To assign a role to users, you must have the Global Admin role or Managed Service Administrator.

In the left navigation of the Microsoft Teams Rooms managed service portal, go to Settings > Roles.
Select the role you want to assign.
In the role pane, select Assignments > Add.
On the General settings page, under Assignment properties, enter a name for this assignment. The description is optional. Choose Next.
On the Members page, in the Search for user or security group box, enter the name of a user or security group in your tenant to which you want to give permissions, and then complete the selection. Choose Next.
On the Scope page, in the Search for room or room group box, type the name of either a room or room group that the user will be allowed to manage. Choose Next.
On the Finish page, review the details of the assignment. If you're satisfied with the configuration, choose Add assignment. If you want to edit a section, use the Previous button or select the step in the left navigation.

Normally, assigning role based access is a simple process, but if you feel like you could use some help, you can always consult a Microsoft Gold Partner to help you set things up in a way that ensures there aren no threats across devices.

Last Updated 7 days ago

About the Author

Rijah is a professional Marketing Executive & content specialist. You may know her from her greatest hits like, "No, I can't just make it go viral." or "No, you can't have everybody as your audience." and "Yes, you're absolutely going to need a copywriter!"

Rijah Naseem

Share0

Tweet0

Share0