Workspace access

Organization-wide ownership vs day-to-day workspace operations.

Main dashboard owns

- Product tier and billing
- Global security baseline
- Workspace creation and ownership

Workspace owns

- Team invites and roles
- Integration connections
- Operational policy tuning

Invite teammate

Known emails join immediately if the user already exists in this environment. New emails receive a one-time link (7-day expiry) — accepting it creates the account and session (add transactional email in production).

EmailRole

Workspace members

Seats in use: … (plan limit).

Loading…

Role templates + approval flows

RBAC templates by department

Join/leave approval chains

Privileged action tracking

Requires ELITE+

Upgrade your tier to unlock this module and advanced enterprise controls.

View plans

Role model blueprint

Product target model; live ACL uses owner / admin / member until templates ship.

Role	Scope	Core permissions
Owner	Main + Workspace	Billing, security baseline, workspace lifecycle
Security Admin	Workspace	Policies, alerts, vault controls, incident operations
Operator	Workspace	Daily shield operations and integrations handling
Analyst	Workspace	Read reports and review masking events