In CoreView, we define an Operator as anyone in your organization who has a need to log in to CoreView, regardless of the reason. The use of CoreView need not be limited only to what IT organizations view as a classic Delegated Administrator, but can also include individuals in other business roles, such as:
- CIO/DCIO/CISO - Access to various CoreView dashboards and key performance metrics.
- Legal Staff - Place individuals on/off litigation hold as needed.
- Human Resources - Access to/or maintenance of employee demographic information.
- Training/Organizational Development Staff - Access to CoreAdoption and CoreLearning resources to augment their training and adoption goals.
The identity of an Operator is sourced from accounts in Office 365. This is known by CoreView as an Organizational Account. You do have the ability to create an Operator account for someone who does not have an Organizational Account, but this is not viewed as a best practice. You create a CoreView Operator in the same manner as you created a TenantAdmin, following the instructions found in 4.B Create CoreView Tenant Administrators. However, the difference between the two is that generally, an organization doesn't create Operators unless they plan to implement some form a delegation.
An Operator's activities are logged into an Audit Log to which any TenantAdmin has access. Moreover, through Manage Operators, a Tenant Admin can see an inventory of all Operators and access the details of their operator account. Please review the video below for a quick tutorial on Operators and delegation of access and control.
II. Operator Use Cases
Below are a handful of examples of when a CoreView Operator account might be assigned to someone in your organizations.
|Office 365 Administrators||Creating Operators as TenantAdmins is a common practice to allow full management of Office 365.|
|Help Desk Staff||Help Desk staff may benefit from access to CoreView for a variety of reasons.|
|Delegated Exchange Administrators||If your organization's IT services are delegated, you may chose to delegate access to CoreView's exchange management capabilities.|
|Legal Staff||You may provide members of your legal department access to CoreView to allow them to place or, or remove accounts from, legal hold.|
|CIO/CTO||Your CIO or CTO may desire access to CoreView to view the executive-level dashboards, license optimization or chargeback reports.|
A CoreView Operator is an account that is created in CoreView by a Tenant Administrator which allows the individual associated with that account to log into CoreView to perform a technical or business activity. The Operator Types below are not formal CoreView types; rather, they are more along the lines of functional “use cases” and are provided for illustration purposes. Each customer can and should determine on their own how they want to manage their Operators.
|Common Operator Types||Description|
A Tenant Administrator in CoreView is an Operator who has been granted the the specific TenantAdmin role in CoreView. This type is analogous to someone being a Global Admin in Office 365. Individuals in this type of role usually fall under one or more of an organization’s security policies pertaining to anyone who has been assigned elevated permissions.
A TenantAdmin usually does not need to be a Global Admin in Office 365 to use CoreView and perform the functions of a TenantAdmin.
A Delegated Administrator in CoreView is an Operator who is typically granted permission to execute Management Actions against Office 365 on behalf of the business unit to which they are assigned.
Individuals in this type of role may fall under one or more of an organization’s security policies pertaining to someone who has been assigned elevated permissions.
Examples would involve managing users, mailboxes, groups and so on.
A Delegated Operator in CoreView is an Operator who is typically granted read-only permissions to view dashboards and/or run reports. This type of account is considered more business-oriented, meaning it would be issued to someone who isn’t a mainstream IT person.
Depending on the need, a Delegated Operator may be granted permission to run a limited set of Management Actions that are relevant to their business function. For example, granting an attorney permission to allow them to add or remove a Litigation Hold against a user’s mailbox or giving an Administrative Assistant permission to manage a business unit’s distribution lists.
Any implementation of an Operator account would typically depend other aspects of your CoreView configuration. Your implementation of Operators depends on your looking at the whole of CoreView and how you want to take advantage of CoreView's power to achieve your organization's business goals.
Therefore, you may need to defer the creation of Operators, until other configurations upon which an Operator may relay, such as:
- Virtual Tenants - Virtual Tenants allow you to segment your business data and then restricting an Operator's span of control to only a a particular set of business data.
- Permissions - The creation of role-based access controls (permissions) is essential to ensure that any Operator has the appropriate access to perform the activities required of them.
- License Pools - An Operator's access to license pools allows them to manage the assignment or recovery of licenses, but only within the scope defined by the organization.
IV. Creating Operator Accounts
Operator accounts are created in the same manner as that found in the Knowledge Resource titled 4.B Create CoreView Tenant Administrators. Below, please find a short video that walks you through the steps to delegate access to a Help Desk. This video refers to an older version of CoreView, the information and concepts are still relevant.