{"id":135,"date":"2020-02-17T16:24:09","date_gmt":"2020-02-17T15:24:09","guid":{"rendered":"https:\/\/help.metashare.com\/metashare-help-faq-how-do-i-assign-metashares-roles-in-azure\/"},"modified":"2025-08-05T09:41:01","modified_gmt":"2025-08-05T07:41:01","slug":"assign-application-roles","status":"publish","type":"page","link":"https:\/\/help.metashare.com\/en\/metashare\/get-started\/setup\/assign-application-roles\/","title":{"rendered":"Assign application roles"},"content":{"rendered":"\n

Available user roles in MetaShare<\/h2>\n\n\n\n

There are a few roles that grant you different privileges in MetaShare. The roles are defined as Entra ID application roles that are managed from your Azure Portal. Any user must have at least one role. If you have the necessary Microsoft 365 licenses, roles can also be assigned to groups.<\/p>\n\n\n\n

Security administrator<\/h3>\n\n\n\n

Can manage security settings in MetaShare. Today, that is what users and groups are assigned as site collection administrator to SharePoint site collections created by MetaShare.<\/p>\n\n\n\n

\n

Recommended<\/h4>\n\n\n\n

It is strongly recommended that you assign a service account as Site collection administrator and a security group as Secondary site collection administrator in MetaShare\u2019s security setting after activation.<\/p>\n\n\n\n

This way you will not overshare with the global administrator that activated the app (that automatically becomes the site collection administrator in MetaShare workspaces) and you can easily manage administrative access to workspaces using security groups.<\/p>\n<\/div><\/div>\n\n\n\n

\n

Caution!<\/h4>\n\n\n\n

Site collection administrator is the highest permission level within a SharePoint site. This should only be used for troubleshooting or advanced custom settings. To manage access to a workspace, it is enough to assign users to the Owners group in the SharePoint site, that has more limited permissions.<\/p>\n<\/div><\/div>\n\n\n\n

Content administrator<\/h3>\n\n\n\n

To access MetaShare’s settings<\/a> and there be able to configure MetaShare (normally just a few individuals per organisation should have these access-rights), the users need to be assigned the “Content Administrator” role. Users with this role will get the settings-icon, when they are in MetaShare’s start-page (MetaShare Workspace Manager):
\"MataShare's<\/p>\n\n\n\n

Workspace creator<\/h3>\n\n\n\n

To be able to create MetaShare workspaces, the users need to be assigned the “MetaShare Workspace Creator” role. Users with this role will get the “New workspace” function in the toolbar of MetaShare’s start-page (MetaShare Workspace Manager):
\"MataShare's<\/p>\n\n\n\n

MetaShare user<\/h3>\n\n\n\n

To be able to use MetaShare, as an end-user, without assigning any other roles, users need to be assigned the “MetaShare User” role.<\/p>\n\n\n\n

How to assign roles<\/h2>\n\n\n\n

The user that activated MetaShare in your Microsoft 365 tenant has automatically been assigned the “Content Administrator” and the “Workspace Creator” roles during the sign-up process. For other users that should have these roles you need to assign the roles in Microsoft Entra ID by following these instructions:<\/p>\n\n\n\n

    \n
  1. Go to Azure Portal<\/a>.<\/li>\n\n\n\n
  2. In the left navigation, click on “Microsoft Entra ID<\/a>“:<\/li>\n\n\n\n
  3. Click on “Enterprise applications<\/a>“:
    \"Click<\/li>\n\n\n\n
  4. Click on the “MetaShare” application:
    \"Click<\/li>\n\n\n\n
  5. Click on “Users and groups” and then “Add”:
    \"Click<\/li>\n\n\n\n
  6. In the “Users and groups” blade, search for the user you want to assign to a role and when found, click on the name. It will then be displayed in the “Selected members” section, where you can add multiple users before you click the “Select” button:
    \"Search
    If you have Entra ID Premium you can assign security groups instead of individual users.<\/li>\n\n\n\n
  7. Click on the “Select Role” blade and click on the role that you want to assign the users to (unfortunately you will not be able to select multiple roles, unless you have an Microsoft Entra ID premium licence) and then click the “Select” button:
    \"Click<\/li>\n\n\n\n
  8. Review you choices and click on the “Assign” button:
    \"eview<\/li>\n\n\n\n
  9. The assigned users must log out and in again from MetaShare to get their new assigned privileges.<\/li>\n<\/ol>\n\n\n\n

    Once users have been assigned any of the MetaShare roles, follow these instructions<\/a> to pin the MetaShare app to Microsoft 365’s app launcher<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

    Available user roles in MetaShare There are a few roles that grant you different privileges in MetaShare. The roles are defined as Entra ID application roles that are managed from your Azure Portal. Any user … Read more<\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"parent":10703,"menu_order":6,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":{"0":"post-135","1":"page","2":"type-page","3":"status-publish","5":"no-featured-image-padding"},"_links":{"self":[{"href":"https:\/\/help.metashare.com\/en\/wp-json\/wp\/v2\/pages\/135","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/help.metashare.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/help.metashare.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/help.metashare.com\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/help.metashare.com\/en\/wp-json\/wp\/v2\/comments?post=135"}],"version-history":[{"count":21,"href":"https:\/\/help.metashare.com\/en\/wp-json\/wp\/v2\/pages\/135\/revisions"}],"predecessor-version":[{"id":12243,"href":"https:\/\/help.metashare.com\/en\/wp-json\/wp\/v2\/pages\/135\/revisions\/12243"}],"up":[{"embeddable":true,"href":"https:\/\/help.metashare.com\/en\/wp-json\/wp\/v2\/pages\/10703"}],"wp:attachment":[{"href":"https:\/\/help.metashare.com\/en\/wp-json\/wp\/v2\/media?parent=135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}