User roles in Workplace Analytics
Users of Workplace Analytics require the proper level of access to areas of the product to be able to perform their required tasks. This topic describes the roles and responsibilities of users and the levels of access that each role requires.
The administrator of Office 365 or Azure Active Directory grants the levels of access that are described in this topic.
Role descriptions and access levels
These are the Workplace Analytics roles and their level of access:
Analyst - Has full access to all service features except two pages (Upload and Admin settings) that are meant only for admins. The Analyst role provides analysts with the most complete access to data.
Analyst (Limited Access) - Same access as for those in the Analyst role but with the following restrictions:
- No access to Queries.
- Only read-only access to the Analysis settings page (on which meeting exclusion rules are defined).
Administrator - Has access to the Settings menu and through it the Data sources, Upload, and Admin settings pages. The Workplace Analytics admin has the responsibility to configure privacy settings and system defaults and to prepare, upload, and verify organizational data.
Workplace Analytics admins are not Office 365 admins. Therefore, unless they have also been granted the role of Office 365 administrator, they have access only to organizational data, not to Office 365 data.
Program manager - Has access to the Home page of Workplace Analytics. Program managers also can open the Plans page and its Manage page, where they can set up plans; and to the Track page, where they can track the progress of active plans and the state of ended plans.
People managers is not assigned like the other roles. They get access to their team's data in Workplace Analytics as set in Manager settings.
User roles are each distinct in their assigned responsibilities and access permissions. Each user role only gives access to actions, pages, dashboards, and data that correspond with that role. Roles are assigned independently, are non-cumulative, and do not roll up.
The following shows who can access what in Workplace Analytics.
|Page||Page description||Administrator||Analyst||Analyst (Limited Access)||Program manager||People manager|
|Home||View highlights from the latest data; see the latest notifications||(team only)|
|Explore: View a series of dashboards that provide insights into the way your organization collaborates|
|Queries: Perform deeper exploration of the data through custom querying tools|
|Plans||Create programs to help participants improve workplace behaviors.||(team only)|
|Sources: Help to verify that the Office 365 data and organizational data have been loaded properly and are available for analysis|
|Upload: Upload an organizational data file to Workplace Analytics|
|Analysis settings: Exclude meetings from analysis that would otherwise skew your results. The Analyst (Limited access) role has read-only access to this page.|
|Admin settings: Configure system defaults, privacy settings, and manager settings|
The following shows who can do what in Workplace Analytics.
|Function||Administrator||Analyst||Analyst (Limited Access)||Program manager||People manager|
|Configure system defaults, privacy settings, and manager settings|
|Upload organizational data into the system|
|Use the full set of analyst tools on the Sources and Analyze (Explore and Queries) pages to perform analysis|
|Serve as HR data provider and Workplace Analytics tool owner|
|Help coordinate, setup, and manage change plans||(team only)|
Levels of responsibility
People with access to Workplace Analytics should ideally have previous experience for their level of access. Preferably, they should have previously undergone security and privacy training in handling sensitive data.
|Access level||Administrator||Analyst||Analyst (Limited Access)||Program manager||People manager|
|Ability to view personally-identifiable, individual-level organizational data (including email addresses and HR fields such as level and organization)|
|Ability to view de-identified, individual-level data:
|Ability to view aggregated and de-identified Office 365 data (metrics about collaboration time and relationships)|
|Can create custom plans to be deployed to groups and can influence the pages that users see in MyAnalytics||(team only)|
Consider the following personas when granting the different levels of access to Workplace Analytics.
|Persona||Administrator||Analyst||Analyst (Limited Access)||Program manager||People manager|
|HR data provider / Workplace Analytics tool owner|
|Group or team manager|
Access to resources
In Azure Active Directory, you can assign access rights to users by assigning roles to them. For general information on accessing resources, and for information on the specific methods of role assignment in Azure AD, see Related topics.
Aspects of role assignment
How many assignees?
The size of your organization and your requirements for managing organizational data determine the number of people to whom you assign the roles of Workplace Analytics admins and analysts. The number of analysts should be as many as your organization requires to perform data analysis. Workplace Analytics imposes no limit on the number of role assignments.
Multiple roles for one person
You can assign multiple Workplace Analytics roles to one person. It's up to your organization to choose who is assigned which role or roles. Examples:
- One person can be both an Office 365 admin and a Workplace Analytics admin.
- One person can be both a Workplace Analytics admin and a Workplace Analytics analyst. It is best practice, however, to assign the admin and analyst roles to different people to prevent any misuse of or external linking to organizational data with collaboration metrics.
In the Azure Portal, you can assign multiple roles to one account but you can assign only one role at a time. In the Azure portal, add the first role, click Select, return to the user list, and then select the same account again to choose the next role for that account. (Note that role assignment in Workplace Analytics is performed in the Azure Portal and not in the Office 365 dashboard.)
Limiting analyst access
The analyst (limited access) role is for an analyst who needs access only to the insights that are displayed in the Workplace Analytics Explore dashboards.