Skip to main content

Organization-managed Roles: Centralize Access Across Workspaces

Centralize role management across workspaces to ensure consistent permissions, reduce overhead, and enable seamless use of roles in workflows and integrations.

Overview

Manage roles across multiple workspaces

Organization-managed roles allow you to create and manage custom roles centrally, making them available across all workspaces in your organization. Instead of configuring roles separately in each workspace, you can centrally control them at the organization level and apply them across all workspaces. This creates a single source of control, ensuring that any role updates are automatically propagated and consistently enforced everywhere.

This capability is designed for large organizations and MSSPs that operate multiple workspaces and need consistent role definitions, permissions, and access control.

Why use organization-managed roles

Managing roles per workspace can lead to:

  • Operational overhead: Recreating the same roles in multiple workspaces.

  • Inconsistency: Roles with the same name but different permissions.

  • Integration gaps: Different role IDs prevent consistent use in shared workflows (for example, Interact permissions).

Org-manged roles solve these challenges by providing a single source of truth for role definitions.

Key capabilities

  • Centralized role management: Create custom roles once and use them across all workspaces.

  • Consistent role IDs: Organization roles share the same identity across workspaces.

  • Cross-workspace assignment: Assign org-managed roles to users in any workspace.

  • Visibility: Clearly distinguish between org-managed and workspace-managed roles.

How to use

Manage roles centrally at the organization level to ensure consistent access control across all workspaces. This section allows you to view and update roles that are shared and enforced organization-wide.

Create an organization-managed role

Create org-managed roles to define permissions once and apply them consistently across all workspaces in your organization.

  1. Access the Organization Management page: Click on Organization Management at the bottom of the workspaces list.

  2. Open org-managed role settings: Navigate to the Manage > Roles.

  3. Create role: Click Create role.

  4. Define role: Enter a role name and description.

  5. Configure permissions: Select the required scopes (for example, UI Access, Case Management, Integrations).

  6. Save role: Click Save. The role is now available across all workspaces in the organization.

  • Org-managed role names must be unique across all workspaces.

  • Workspace-managed roles cannot use the same name as an org-managed role.

Manage roles

You can manage org-managed roles by editing their configuration, duplicating them to create new roles based on existing definitions, or deleting roles that are no longer needed.

Edit a role

Update an existing role to modify its name, description, or assigned permissions.

  1. Open role menu: Locate the role in the list and click the three-dot (...) menu.

  2. Edit role: Select Edit.

  3. Update details: Modify the role name, description, or scopes as needed.

  4. Save changes: Click Save to apply updates across all workspaces.

Duplicate a role

Duplicate a role to quickly create a new role based on an existing configuration.

  1. Open role menu: Locate the role and click the three-dot (...) menu.

  2. Duplicate role: Select Duplicate.

  3. Update details: Enter a new name and adjust permissions if needed.

  4. Save role: Click Save to create the new role.

Delete a role

Delete a role that is no longer required.

  1. Open role menu: Locate the role and click the three-dot (...) menu.

  2. Delete role: Select Delete.

  3. Confirm deletion: Confirm the action to permanently remove the role.

View default roles

Default roles are predefined org-managed roles that provide standard permission sets. These roles cannot be edited but can be viewed or duplicated for customization.

  1. Open role menu: Locate the default role in the list and click the three-dot (...) menu.

  2. Select view: Click View to open the role details.

  3. Review permissions: Inspect the role name, description, and assigned scopes.

  4. Close view: Click Close when finished.

View role users

You can view all users assigned to a specific role, along with the workspaces where the role is applied.

  1. Locate role: Find the role in the list.

  2. Open users list: Click the Users count next to the role.

  3. Review users: View the list of users assigned to the role, including their associated workspaces.

  4. (Optional) Search users or workspaces: Use the search field to find specific users or workspaces.

  5. (Optional) Copy user email: Click the copy icon next to a user to copy their email address.

Organization-managed roles in workspaces

Use centralized roles within individual workspaces

Org-managed roles are automatically available in all associated workspaces. This allows you to apply consistent permissions across environments while still managing access at the workspace level.

View role scope in a workspace

In the workspace Roles page (Settings > Security > Roles), roles are clearly labeled by scope:

  • Org-managed: Roles created and managed at the organization level and shared across all workspaces.

  • Workspace: Roles created locally within the workspace.

This distinction helps you understand where each role is managed and whether it can be edited locally.

Work with organization-level roles

Org-managed roles behave differently from workspace roles:

  • View only: Organization roles cannot be edited from the workspace.

  • Duplicate if needed: You can duplicate an organization role to create a workspace-level version for local customization.

  • Consistent permissions: Changes made at the organization level are automatically reflected in all workspaces.

Assign organization roles

Org-managed roles are available when assigning roles within a workspace:

This ensures consistent access control across all workspaces.

Use in workflows and integrations

Org-managed roles maintain the same role ID across workspaces, enabling:

  • Shared workflows: Use the same roles across multiple workspaces without conflicts.

  • Permission consistency: Avoid mismatches in role-based actions (for example, Interact permissions).

Best practices

  • Use org-managed roles for standard, repeatable access patterns.

  • Use workspace roles only for environment-specific customization.

  • Duplicate organization roles only when local deviations are required.

Org-managed roles provide a scalable way to enforce consistent access control while still allowing flexibility at the workspace level.

Related Articles
Share Workflows Across Torq Workspaces
Share Integrations Across Torq Workspaces
Share Workspace Variables Across Torq Workspaces
Torq Roles and Scopes: Manage Access and Permissions
Manage Cross-Workspace Dashboards
Did this answer your question?