Role Based Access Control (RBAC) at Moveworks

Moveworks offers a suite of solutions to improve employee experience ranging from Employee Communications, Creator Studio, Knowledge Writer etc.

One crucial mechanism that ensures a seamless user experience is our Role-Based Access Control (RBAC) system.

What is RBAC?

RBAC is designed to provide users with specific, tailored access to applications and features on the Moveworks platform. This means that every user only interacts with tools relevant to them and performs actions they're authorized to do. As a result security is enhanced because unauthorized or accidental alteration or deletion of critical data is restricted.

What can you achieve from this module?

Role Based Access Control will allow you to assign specific roles to users to limit the actions they can perform.

Defining Roles in Moveworks

Moveworks incorporates a system of pre-defined roles for applications namely: the "Administrator," the "User," and the "Super Administrator".


The Administrator has an extensive array of capabilities within a given application. They can create, modify, and delete any resource available in the application. This involves having the highest level of control and responsibility within a single application.

Moreover, Administrators can manage the access control list of the application. They can add other employees as users of the system and in certain cases, upgrade them to the administrator level. An administrator can also revoke the access of another existing Administrator.


The User of an application has more restricted functionalities. Users can create resources within the applications. Once a resource is created by a user, they have the capability to modify or delete it since they are its owner.

Resources created by other users are also visible to them, and they can make changes to these. Thus, the User role has a necessary level of access and control without compromising the system's overall integrity.

Super Administrator:

The Super Administrator role is the epitome of admin roles in the Moveworks system. This role has access across all applications within the Moveworks platform.

They are empowered to create, modify, and manage resources in any application. Further, they can grant access to other employees across different applications and roles, including escalating them to be super admins.

However, the revoking of Super Administrator access is a sensitive operation and is controlled by Moveworks directly to maintain security and control in the highest access tier.


  1. You need to make sure that you have already ingested employees, only then you will be able to search and assign roles to them. Head over to this section to know more about identity plugin and it's detailed configuration guide.
  2. Ensure that you have appropriate roles to make changes. You can either be a super admin or a Moveworks Setup admin to assign roles to other employees of your organization.

I am ready to add roles!

Head over to this section to know how to assign roles for various applications.

How-to guides

I am a super admin. I want to add Moveworks Setup admin roles to 4 people, and add Moveworks Setup user roles to 5 people in my org. How do I proceed?

This can be achieved in a 5 step process.

  1. Head over to Roles and Permissions under Company Settings in the left navigation bar.
  2. You will land on a screen where all the users assigned roles to the selected applications are listed. On the top left side, you will find a drop down that says “Active app users”, click on this and select “Moveworks Setup”, uncheck all the others.
  3. On the top right side, you will find a button named “Add User” Click on it. You will land to a screen where you can search for employees that belong to your org.
  4. Search the employees you want to assign roles to. Once you click on an employee, You will have an option to assign Moveworks Setup admin or Moveworks Setup User role to them. Check the boxes that are relevant. Scroll above on this page to know more about various roles.
  5. After you have assigned the appropriate role to the user, click save. Do the same for all other employees that you want to assign roles.

Voila! You are all set. The roles have been assigned to the users and they can now start making or editing configurations over Moveworks Setup.

Please note: A super admin can add other super admins but they cannot remove an existing super admin. Raise a support ticket if you want to downgrade a super admin.