Understanding operators

  • Last update on September 18th, 2023

In CoreView, we categorize an operator as any individual within your organization who requires access to CoreView, regardless of the reason. The utilization of CoreView extends beyond the traditional IT-defined Delegated Administrator role, encompassing individuals in various business roles, such as:

  • CIO/DCIO/CISO - They can access different CoreView dashboards and key performance metrics.
  • Legal Staff - They have the ability to place individuals on or off litigation hold as required.
  • Human Resources - They can access or maintain employee demographic information. 

An operator's identity is typically sourced from accounts in Office 365, referred to by CoreView as an “Organizational Account” (meaning that the account belongs to the customer's Microsoft Entra ID). 
If you choose to not use Organizational accounts, ensure that you have a governance process to remove these users in the event they leave your organization.

Operators vs. TenantAdmins

When talking about “Operators” and “TenantAdmins”, it is important to highlight that while the processes of creating a CoreView “Operator” and creating a “TenantAdmin” are similar, the key distinction is that organizations typically only create “Operators” when they intend to implement some form of delegation. 

All activities are recorded in an Audit Log, accessible to any “TenantAdmin”. Furthermore, via the Manage Operators function, a “TenantAdmin” can view a comprehensive list of all “Operators” and access the specifics of their operator accounts.

TenantAdmins are the SuperUsers of the CoreView system, whereas Operators are limited to the functions defined by roles, permissions, license pools and virtual tenants

Operators use cases

Below are examples of when a CoreView “Operator” account might be assigned to someone in your organizations. 

Office 365 Administrators  Creating Operators as TenantAdmins is a common practice to allow full management of Office 365. 
Help Desk Staff Help Desk staff may benefit from access to CoreView for a variety of reasons. 
Delegated Exchange Administrators  If your organization's IT services are delegated, you may choose to delegate access to CoreView's exchange management capabilities. 
Legal Staff  You may provide members of your legal department access to CoreView to allow them to place or, or remove accounts from, legal hold. 
CIO/CTO  Your CIO or CTO may desire access to CoreView to view the executive-level dashboards, license optimization or chargeback reports. 

A CoreView Operator is an account created in CoreView by a Tenant Administrator. This account enables the associated individual to log into CoreView and carry out technical or business activities. The Operator Types listed below are not official CoreView categories, but rather functional "use cases" provided for illustrative purposes. Each customer has the autonomy to decide how they wish to manage their Operators.

Common Operator Types  Description 
Tenant Administrator 
Technical Role 

A “Tenant Administrator” in CoreView is an “Operator” who has been granted the specific “TenantAdmin” role in CoreView. This type is analogous to someone being a Global Admin in Office 365. Individuals in this type of role usually fall under one or more of an organization’s security policies pertaining to anyone who has been assigned elevated permissions.

A “TenantAdmin” typically does not need to be a Global Admin in Office 365 to use CoreView and perform the functions of a “TenantAdmin”.  One of the accessible benefits is indeed the reduction of global admins on O365 due to the delegated operators on CoreView.

Delegated Administrator 
Technical Role 

A “Delegated Administrator” in CoreView is an Operator who is typically granted permission to execute Management Actions against Office 365 on behalf of the business unit to which they are assigned.

Individuals in this type of role may fall under one or more of an organization’s security policies pertaining to someone who has been assigned elevated permissions.

Examples would involve managing users, mailboxes, groups, and so on. 

Delegated Operator 
Business Role 

A “Delegated Operator” in CoreView is an “Operator” who is typically granted read-only permissions to view dashboards and/or run reports. This type of account is considered more business-oriented, meaning it would be issued to someone who isn’t a mainstream IT person.

Depending on the need, a “Delegated Operator” may be granted permission to run a limited set of Management Actions that are relevant to their business function. For example, granting an attorney permission to allow them to add or remove a Litigation Hold against a user’s mailbox or giving an “Administrative Assistant” permission to manage a business unit’s distribution lists.