Lumos Roles

Last updated: October 7, 2024

Background

We introduced the concept of different roles in Lumos to encourage delegated administration, which allows department heads and managers to manage their own IT and SaaS software, instead of centralizing all responsibility in the IT department.

This removes the burden and bottleneck on your IT team and allows department managers with the most context to take relevant actions.

Admin

This is the most privileged role in Lumos. Users with the Admin role can see and do anything in Lumos. You should be providing access to the Admin role sparingly.

Read Only Admin

Read Only Admins can view every page an Admin can view, but they cannot adjust any admin settings or view employee lifecycle product offerings.

AppStore Read Only Admin

This role can view the AppStore tab of the Activity Log, review all tasks in the Task Center, and view all AppStore configuration settings, but cannot act on tasks not assigned to them.

Auditor

Auditors can view all Access Reviews, whether in progress or completed, and export PDF reports for access reviews. In addition, they can view the Access Reviews tab of the Activity Log.

App Admin

If the user is a named App Admin for an app and has this role assigned to them, they can view and configure any of that app's settings in the AppStore (including approval/provisioning settings), as well as launch Access Reviews for that app.

Vendor Owner

Vendor owners have the ability to view the Vendors tab and view/manage vendor records and agreements.

Vendor Agreement Owner

Vendor Agreement owners have the ability to view the Vendors tab and view/manage vendor records and agreements for only Agreements they are assigned to as a Renewal Owner. This role will give users just enough permissions to manage their Vendor Agreements without giving them access to every other Agreement inside Lumos. Today, the analytics page is unavailable to users with only this role. 

User

If given this role, a user can only view the AppStore & any accounts that have been assigned or delegated to them in an Access Review.

This is the default role for most users, and is required unless the user has "No Access".

No Access

If given this role, the user will not be able to log into Lumos, request apps, have app requests submitted on their behalf, or be assigned to access reviews.

FAQs

Viewing your current user roles

You can view your users and their roles in Lumos here, in the Access Level column.

Default roles

  • The user used to create your Lumos tenant will be made an Admin (though this can be changed later)

  • All users created, except for the first user that creates your tenant, will be set as a User.

  • All inactive or suspended users in your 📄 Source of Truthto "No Access".