This document explains what roles and permissions are and how to set roles in the UI.
A tenant admin can control user rights in a tenant by configuring user roles. A role is a user attribute that defines a set of permissions for the user. Tenant roles define permissions for tenant management, contract roles define permissions for contract management, and workspace roles define permissions for workspace management.
The default tenant role is:
Please note that with
global.tenant.edit_roles
permission you can usePATCH /v2/tenants/:tenantId/roles
API call which allows to create a new role with permissions in a tenant scope. Please usePATCH /v2/tenants/{tenant_id}/members/{user_id}
API endpoint to grante any role from the tenant’s scope to any user.
The default contract roles are:
The default workspace roles are:
Note that a full set of contract permissions does not automatically mean a full set of permissions for every workspace. A contract Admin may be a Guest in a certain workspace.
Please note that you can always get the list of available permissions using an API call. This endpoint is available to all the platforms’ users.
As a workspace Owner or Admin you can modify user roles in the workspace by navigating to Workspace in navigation menu and clicking Edit member’s role:
As a workspace Owner or Admin you can set the user role while adding them to the workspace. Click Add new member, select an existing user and use the Role drop-down menu.
As a workspace Owner and Admin you can set the user role while inviting them to the Contract and Workspace.
Please Note: You can invite to Contract and Workspace only if your have Owner role in the contract.
Click Invite new member, enter user email and use Contract Role and Workspace Role drop-down menus. In the corresponding menu, select the required role. If your tenant has an extensive list of roles, use the Find role field to optimize search. Start typing to gradually filter out unwanted roles.
Click Send Invite to finish.
As a contract Owner you can modify roles of any user in the contract by visiting Members section of the Contract Settings and clicking to edit (the pencil).
As a contract Owner or Admin you can set the user role while inviting to the Contract. Click on Invite new member button and start filling in the form.
Couple of points to keep in mind:
When you invite a user to join a Contract the platform generates a unique, one-time invitation token and sends it to email address you specify. The potential user clicks on the provided link including the one-time token. When the potential user clicks and joins your contract this token becomes invalid and can not be used anymore.
Sometimes, you send an invitation by mistake or would like to withdraw your invitation for some reason. You can delete the invitation by visiting Members section of the Contract Settings, scrolling down to find the list of Pending Members and clicking on delete icon:
Please Note Only contract Owner and Admin role holders can perform this operation.
You can also delete invitation using a HTTP DELETE
method to call our API
/v2/contracts/{CONTRACT_ID}/invites/{INVITE_ID}
endpoint if you have contract Owner and Admin role. Check our
API documentation for more details.
After deleting the invitation if your user tries to use the link in invitation email to join, he/she will get an error Invite is not found or no longer valid.
As a contract Owner and Admin you can update already sent but not accepted
invitations using a HTTP PATCH
method to call our API /v2/contracts/{CONTRACT_ID}/invites/{INVITE_ID}
endpoint.
You can update or remove roles you granted to this potential user and more. Check our
API documentation for more details.