Roles & permissions
Every workspace member has one of four roles. Permissions are cumulative - each role inherits everything from the roles below it.
Role hierarchy
owner > admin > editor > viewerPermission matrix
| Action | Owner | Admin | Editor | Viewer |
|---|---|---|---|---|
| View links & stats | yes | yes | yes | yes |
| Create/edit links | yes | yes | yes | no |
| Delete links | yes | yes | no | no |
| Manage members | yes | yes | no | no |
| Manage invites | yes | yes | no | no |
| Manage domains | yes | yes | no | no |
| View audit log | yes | yes | no | no |
| Export data | yes | yes | no | no |
| Manage API keys | yes | no | no | no |
| Update workspace settings | yes | no | no | no |
| Delete workspace | yes | no | no | no |
| Manage billing | yes | no | no | no |
Role rules
Changing roles (PATCH /api/workspaces/:wsId/members/:userId):
- Only admin+ can change roles
- You cannot change your own role
- You cannot promote someone above your own role
- You cannot change the role of someone with equal or higher rank (unless you are the owner)
Removing members (DELETE /api/workspaces/:wsId/members/:userId):
- Only admin+ can remove members
- You cannot remove yourself
- You cannot remove the last owner
API key access
API keys authenticate as the workspace owner. Any request made with an API key has full owner-level permissions on that workspace.