Permissions
Goal: Control what each teammate can do.
Three roles, from most to least restrictive. New teammates default to Viewer.
Role matrix
| Role | Create | Edit | Delete | Invite | Manage roles |
|---|---|---|---|---|---|
| Viewer | - | - | - | - | - |
| Editor | yes | yes | - | - | - |
| Admin | yes | yes | yes | yes | yes |
- Viewer - view the workshop and surfaces, run existing warm queries, see API responses. Cannot modify.
- Editor - everything a Viewer can do, plus create and edit connections, surfaces, and warm queries. Editor changes are proposed and go through review.
- Admin - everything an Editor can do, plus delete, invite and remove teammates, change roles, and manage workshop settings.
Change a role
- Open Workspace -> Team Members
- Find the teammate
- Click their current role
- Pick the new role and confirm
Or ask Azi: "Change Sarah's role to Admin." She sets it up for an Admin to confirm.
Every change is recorded
Role changes are recorded with who made them, so you can always see how access got to where it is:
```json
{
  "action": "role_change",
  "user": "sarah@yourteam.com",
  "oldRole": "Editor",
  "newRole": "Admin",
  "changedBy": "you@yourteam.com",
  "timestamp": "2026-06-05T10:30:00Z"
}
```
Keep it tidy
| Practice | Why |
|---|---|
| Least access | Give the smallest role that lets someone do their job |
| Few Admins | Limit who can delete and change roles |
| Viewers for partners | Read-only access for external collaborators |
| Review periodically | Remove access that's gone stale |
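To support the periodic review, the following added example (not part of the product or its documentation) replays `role_change` records and checks them against the role matrix. It assumes the records are available as one JSON object per line, which this page does not specify; the function names and the `max_admins` and `stale_days` thresholds are illustrative.

```python
import json
from datetime import datetime, timezone

# Constructed sample records in the role_change format shown on this page.
SAMPLE_LOG = """
{"action":"role_change","user":"sarah@yourteam.com","oldRole":"Viewer","newRole":"Editor","changedBy":"you@yourteam.com","timestamp":"2026-01-10T09:00:00Z"}
{"action":"role_change","user":"sarah@yourteam.com","oldRole":"Editor","newRole":"Admin","changedBy":"you@yourteam.com","timestamp":"2026-06-05T10:30:00Z"}
{"action":"role_change","user":"partner@example.com","oldRole":"Viewer","newRole":"Editor","changedBy":"sarah@yourteam.com","timestamp":"2026-06-06T08:00:00Z"}
{"action":"role_change","user":"dev@yourteam.com","oldRole":"Editor","newRole":"Admin","changedBy":"partner@example.com","timestamp":"2026-06-07T08:00:00Z"}
{"action":"role_change","user":"partner@example.com","oldRole":"Viewer","newRole":"Admin","changedBy":"sarah@yourteam.com","timestamp":"2026-06-08T08:00:00Z"}
"""
MANAGES_ROLES = {"Admin"}  # per the role matrix: only Admin manages roles


def parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def review(log_text, now, max_admins=2, stale_days=90):
    """Replay role_change records; return (current roles, findings)."""
    records = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    records = [r for r in records if r.get("action") == "role_change"]
    roles, changed_at, findings = {}, {}, []
    for r in sorted(records, key=lambda r: parse_ts(r["timestamp"])):
        user, changer = r["user"], r["changedBy"]
        # A changer whose replayed role is known and is not Admin contradicts the matrix.
        if changer in roles and roles[changer] not in MANAGES_ROLES:
            findings.append(("changer_not_admin", user))
        # oldRole should equal the last newRole seen for this user; otherwise a record is missing.
        if user in roles and roles[user] != r["oldRole"]:
            findings.append(("gap", user))
        roles[user] = r["newRole"]
        changed_at[user] = parse_ts(r["timestamp"])
    admins = sorted(u for u, role in roles.items() if role == "Admin")
    if len(admins) > max_admins:  # "Few Admins"
        findings.append(("too_many_admins", ",".join(admins)))
    for u in admins:  # "Review periodically": Admin grants older than the threshold
        if (now - changed_at[u]).days > stale_days:
            findings.append(("admin_due_for_review", u))
    return roles, findings


if __name__ == "__main__":
    _, found = review(SAMPLE_LOG, datetime(2026, 6, 10, tzinfo=timezone.utc))
    for kind, detail in found:
        print(kind, detail)
```

Teammates who never appear in a record (for example, those still on the default Viewer role) are not covered by the replay, so compare the result with the Team Members list.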
Next steps
- The full access model and SSO -> User Management
- Tokens and secrets -> Security: Secrets