Manage Permissions
Permissions shape who can operate, review, and release work safely.
In practice, there are two questions:
- what someone can do at the organization level
- what they can do inside a specific workspace
Current role model
The current collaboration model centers on:
owneradminmember
Use the narrowest role that still lets the person do their job.
Organization vs workspace scope
Organization scope is for broader administration, such as:
- inviting or removing teammates
- managing high-level access and ownership
- handling shared administrative settings
Workspace scope is where the real operating work happens, such as:
- editing agents
- reviewing histories
- managing channels and API keys
- controlling who can use a specific workspace
A simple permission pattern
For a typical production flow:
- keep a small number of
owners - give day-to-day operators
admin - give reviewers and collaborators
memberunless they truly need more
Review access when the rollout changes
Permissions should change when the operating model changes.
Revisit access when:
- a pilot expands into a broader rollout
- a reviewer becomes an operator
- a teammate no longer needs access