Skip to main content
Roles are the access levels of a user in a workspace. Below is a summary of the roles and their permissions.
RoleDescription
ownerComplete control over the workspace; exactly one per workspace
adminAdministrative and application access to the workspace; is subordinate to the owner
memberApplication access to the workspace, but no administrative privileges

Admin permissions

Owners and admins hold administrative privileges, granting them the following permissions, which are unavailable to members:
  • Create a new API key
  • Update an existing API key
  • Delete an existing API key
  • Send an invite
  • Resend an invite
  • Revoke an invite
  • Suspend a user
  • Update another user (their name)
  • Update another user’s role
  • Update the workspace
Of course, owners have some special immunity from the above permissions to prevent unwanted privilege escalation:
  • Owners cannot be suspended
  • Owners cannot have their role changed by another user

Owner permissions

A workspace must have exactly one owner. As such, owners cannot leave their workspace or be suspended. However, owners can transfer ownership to another member. Thus, in addition to the admin permissions above, owners also have a special permission for transferring workspace ownership to another member.

Member permissions

Members hold application access to the workspace but no administrative privileges. We won’t detail every permission here — suffice it to say, members can perform any action that is not administrative or owner-only. This includes creating devices, deploying configurations, etc.