Manage workspace access

Workspace access controls what someone can do inside one workspace.

Workspace access is separate from organization access. You can make someone an organization admin and still limit their access in a specific workspace. For organization-wide access, see Manage organization access.

Give each member one default workspace role. That role defines their baseline access.

• Admin: Full access to the workspace.

• Editor: Can read, create, edit, and delete data.

• Viewer: Can read and export data, but cannot create, edit, or delete it.

• None: No default workspace role. Use this when access should come only from custom roles.

Use custom roles when the default role is too broad. Create them at the organization level and reuse them across workspaces in the same organization.

In Builder mode, you can apply permissions at three levels:

• App level: Control which roles can access one app. In App settings, use Allow access to to limit access to selected workspace roles or custom roles.

• Table level: Control who can read, edit, create, and delete records in a table.

• Field level: Control who can read specific fields, such as email addresses or phone numbers.

This lets you control access at the right level. For example, you can limit one app to selected roles, let a support role view a table, and let only a delivery role see the Address field.

A custom role only takes effect after you assign it in a workspace and use it in app, table, or field permissions. If you do not use a custom role in permissions, the member's default workspace role decides their access.

Custom roles can also narrow access. For example, someone can be an Editor in the workspace but still be blocked from editing one table unless they also have the required custom role.

Add and review members

Use the Workspace users & roles screen to review everyone who can access the workspace.

You can search by email, filter by status, and review each user's role, joined or invited state, verification, and status.

Keep in mind:

• If the invited user is not already part of the organization, inviting them to the workspace also adds them to the organization as a Member.

• If you assign or change roles for an invited user, the change only takes effect after they accept the invitation and join the organization.

Use the member list to review invited and active users, check their status, and update access when needed.

Change workspace roles

Change a user's default workspace role from the member list when their baseline access changes.

Use this when someone needs broader access, read-only access, or no default role. If you only need to allow or restrict one app, table, or field, keep the default role and adjust custom roles or permissions instead.

Keep in mind:

• Changes for active users apply right away.

• Changes for invited users apply after they accept the invitation and join the organization.

• None removes default workspace access. Any remaining access must come from custom roles used in permissions.

• If a user has only custom roles and those roles are not used in any app, table, or field permissions yet, they will see a blank screen with no access.

Create and assign custom roles

Create workspace custom roles at the organization level and reuse them across workspaces in the same organization.

The role list shows each role's name, description, and creation date.