User Roles in Provisioner
Provisioner supports five different user roles: Owner, Writer, Provisioner, Supporter and Reader. By default all roles are inherited when accessing a descendant partner. If you have a Portal User with the Owner Role on Partner A, then you also have owner on Child Partner B, if that is a descendent of Partner A.
The Roles
Owner
Owner can carry out all read and writes actions within Provisioner. This includes the ability to invite additional portal users and manage roles.
Writer
Writer can carry out all read and writes actions within Provisioner, but they cannot add or edit portal users or roles at their home partner level. This role effectively combines Provisioner and Supporter roles.
Provisioner
Provisioner is able to create and manage Partners, Customers and Customer Service Instances. They are not able to then access the Customer Service Instances (e.g. Call Manager). They are able to invite portal users, both to provisioner and Call Manager instances, but not at their own top-level. e.g. If their Portal User is configured at Partner A, they can create Child Partner B under Partner A, and can invite users directly to that new partner.
Supporter
Supporter is able view all Partners, Customers and Customer Service Instances. They can access Call Manager instances (Call Service Instances). They cannot create new Partners or Customers.
Reader
Reader can view all Partners, Customers and Customer Services Instances. They cannot access any Call Manager instances, and cannot create any new objects.
Example Provisioner User Role Access
Capability
Owner
Writer
Provisioner
Supporter
Reader
Add/remove top-level users
Yes
No
No
No
No
Add/remove descendent users
Yes
Yes
Yes
Yes
No
Jump into customer HCM as Owner
Yes
Yes
No
Yes
No
View customers & services
Yes
Yes
Yes
Yes
Yes
Add/edit customers & services
Yes
Yes
Yes
No
No
Capability | Owner | Writer | Provisioner | Supporter | Reader |
|---|---|---|---|---|---|
Add/remove top-level users | Yes | No | No | No | No |
Add/remove descendent users | Yes | Yes | Yes | Yes | No |
Jump into customer HCM as Owner | Yes | Yes | No | Yes | No |
View customers & services | Yes | Yes | Yes | Yes | Yes |
Add/edit customers & services | Yes | Yes | Yes | No | No |
What's My Role?
When logged in to Provisioner, your current role is given beside your email address in the bottom left of the screen. Select the 'i' information icon for more details. If you have restricted access this will be detailed here.
Restricted Access
By default role assignment is inherited for all descendent partner and customers. You may wish to restrict this, creating portal users that only have for example Writer access on specific child partners. The Provisioner platform supports this level of fine grain access.
When creating a portal user, expand the 'Modify Access to Specific Partners and Customers' form section. You can then select the specific partners and/or customers where the target portal user should have the selected role. Here is an example:
In this, we see that our new user John Doe will have the Owner role for ACME Corp partner (and all existing partners and customers below that point in the hierarchy), plus the specific top level customer CDX Core Corp. In the future, this user will have Owner access to any new partners or users created under ACME Corp as well.
For all other partners and customers the user has Reader access.
The user can check and see their own level of access by using the 'i' information icon beside their user name in the bottom left of the portal.
Related Articles
What's new in Provisioner
January 2026 Microsoft GCC High Support The Provisioner platform now has general availability for creating customer service instances on both Commercial and GCC High tenants. Reach out to your account manager if you don't currently have this enabled ...Audit Logs in Provisioner
Overview Each change made in the Provisioner platform is tracked in an Audit Log. This is available from the Provisioner interface using the menu on the left hand side to select 'Audit Log'. The log is shown for the current Partner. To view changes ...Update to Haptap Provisioner portal
The Haptap Provisioner portal is being updated on 28 April 2026 to streamline a number of areas. Note that the screenshots below represent a version of the Haptap brand, and the service names will be different for white label brands. Faster ...Adding and Managing GCC High and Commercial Tenants
Call Manager supports both Microsoft Commercial Cloud and Microsoft GCC High (GCCH). Once configured, Provisioner will be able to create and manage both Commercial and GCCH customer tenants from a single portal. Add Branded GCC High Cloud Support ...Access a Customer's Call Manager as a Partner
Partners can access the Call Manager instances for all their customers, both at their Partner level and for all child Partners. Login to admin.yourbrand.com Partner Management portal. Navigate to the appropriate Partner level Select Customers on the ...