CoreView Operator Uses Cases & Dependencies

Modified on Mon, 05 Dec 2022 at 08:08 AM

Categories

This article will provide an overview of how CoreView operators are defined, use cases, and dependencies.

Overview

In CoreView, we define an Operator as anyone in your organization who has a need to log in to CoreView, regardless of the reason. The use of CoreView need not be limited only to what IT organizations view as a classic Delegated Administrator, but can also include individuals in other business roles, such as:

CIO/DCIO/CISO - Access to various CoreView dashboards and key performance metrics.
Legal Staff - Place individuals on/off litigation hold as needed.
Human Resources - Access to/or maintenance of employee demographic information.
Training/Organizational Development Staff - Access to CoreAdoption resources to augment their training and adoption goals.

The identity of an Operator is sourced from accounts in Office 365. This is known by CoreView as an Organizational Account. While you could create an Operator account for someone who does not have an Organizational Account, this is not a best practice. You create a CoreView Operator in the same manner as you created a TenantAdmin, following the instructions found in Create CoreView Tenant Administrators.  However, the difference between the two is that generally, an organization doesn't create Operators unless they plan to implement some form of delegation.   

An Operator's activities are logged into an Audit Log to which any TenantAdmin has access. Moreover, through Manage Operators, a Tenant Admin can see an inventory of all Operators and access the details of their operator account.

Operator Use Cases

Below are examples of when a CoreView Operator account might be assigned to someone in your organizations.  

Office 365 Administrators	Creating Operators as TenantAdmins is a common practice to allow full management of Office 365.
Help Desk Staff	Help Desk staff may benefit from access to CoreView for a variety of reasons.
Delegated Exchange Administrators	If your organization's IT services are delegated, you may choose to delegate access to CoreView's exchange management capabilities.
Legal Staff	You may provide members of your legal department access to CoreView to allow them to place or, or remove accounts from, legal hold.
CIO/CTO	Your CIO or CTO may desire access to CoreView to view the executive-level dashboards, license optimization or chargeback reports.

A CoreView Operator is an account that is created in CoreView by a Tenant Administrator which allows the individual associated with that account to log into CoreView to perform a technical or business activity.  The Operator Types below are not formal CoreView types; rather, they are more along the lines of functional “use cases” and are provided for illustration purposes. Each customer can and should determine on their own how they want to manage their Operators.

Common Operator Types	Description
Tenant Administrator Technical Role	A Tenant Administrator in CoreView is an Operator who has been granted the the specific TenantAdmin role in CoreView. This type is analogous to someone being a Global Admin in Office 365.   Individuals in this type of role usually fall under one or more of an organization’s security policies pertaining to anyone who has been assigned elevated permissions. A TenantAdmin usually does not need to be a Global Admin in Office 365 to use CoreView and perform the functions of a TenantAdmin.
Delegated Administrator Technical Role	A Delegated Administrator in CoreView is an Operator who is typically granted permission to execute Management Actions against Office 365 on behalf of the business unit to which they are assigned. Individuals in this type of role may fall under one or more of an organization’s security policies pertaining to someone who has been assigned elevated permissions. Examples would involve managing users, mailboxes, groups, and so on.
Delegated Operator Business Role	A Delegated Operator in CoreView is an Operator who is typically granted read-only permissions to view dashboards and/or run reports. This type of account is considered more business-oriented, meaning it would be issued to someone who isn’t a mainstream IT person. Depending on the need, a Delegated Operator may be granted permission to run a limited set of Management Actions that are relevant to their business function. For example, granting an attorney permission to allow them to add or remove a Litigation Hold against a user’s mailbox or giving an Administrative Assistant permission to manage a business unit’s distribution lists.

Dependencies

Any implementation of an Operator account would typically depend on other aspects of your CoreView configuration.  Your implementation of Operators depends on your looking at the whole of CoreView and how you want to take advantage of CoreView's power to achieve your organization's business goals.

Therefore, you may need to defer the creation of Operators until other configurations which may affect their permissions are set up:

Virtual Tenants - Virtual Tenants allow you to segment your business data and restrict an Operator's span of control to only a particular set of business data.

Permissions - The creation of role-based access controls (permissions) is essential to ensure that any Operator has the appropriate access to perform the activities required of them.  

License Pools - An Operator's access to license pools allows them to manage the assignment or recovery of licenses, but only within the scope defined by the organization.

Please refer to the following article for more information on how to create and manage operators: Manage Operators