Role-Based Access Control for Hub Notifications is Here!

One of the most requested enhancements for Hub Services has just become generally available!
As a powerful tool for communication and collaboration, Hub Services continues to evolve and improve. With the latest update, super admins can now define and restrict the target audiences that admins can send notifications to. By granting admins full or custom access to specific groups and target audience types, limited permissions ensure that communication is only sent to relevant groups. This enables admins to effectively communicate with their team and region, while also providing super admins with the ability to manage permissions accordingly.
Why is this important? You’re now able to delegate the task of sending notifications out to others within your organization. HR, Events Planning, Geographic-specific administrators, Platform-specific administrators. With this new feature, they can now breathe a sigh of relief knowing they won't accidentally send notifications to people who shouldn't be receiving them. It's all about keeping things secure and under control.
Does this sound interesting to you? If so, read on and let’s take a peek at how this works in the Hub Services Console!
Configuring the new Admin Role
You may recall from our 5 Quick Wins for Workspace ONE Hub Services blog that we can create an admin role to scope permissions so that an admin can only create notifications – but what if you want to go a step further and limit their target audience? Simple! There’s now a “Target Audience Permissions” column from within the Admin Roles tab in Hub Services Console.
Figure 1: Selecting the Admin Roles configuration and highlighting the new Target Audience Permissions column
After you click Edit on the Admin Role, you’re presented with your normal scoping options for what actions this role should be allowed – but you’ll also see the new option for Change Target Audience – click Edit to narrow the scope of users, devices, platforms, or smart groups that they’re allowed to send notifications to.
Figure 2: Modifying the target audience properties for an existing Admin Role
From here, you can choose to turn access on or off for an entire audience type (User Group, Org Group, Smart Group or Platform) – or customize it to a specific audience. In my example below, I’m scoping this permission to a specific set of Smart Groups.
Figure 3: Scoping Admin Roles to various combinations of User Groups, Org Groups, Smart Groups, or entire Platforms, which can have Full Access, Custom Access (as above), or Access disabled
Once you’re happy with your changes, click Done, and the role will be updated. The next time a user matching this role attempts to create a Notification, they will be constrained by the Target Audience definition you’ve set up for this role. Easy and makes your Marketing, HR, Communications, or Business-Unit-specific teams feel confident that they will be sending to the correct audiences.
If you are interested in learning more about Hub Services, you can find information on VMware Docs.
What's your game plan for making the most of this in your Digital Workspace?