Command Palette
Search for a command to run...
Workspace Roles
Understand role permissions and access management inside a workspace.
Overview
Workspace roles determine what users can see and do within a specific workspace. These roles span from full administrative control to focused, bot-level operational access.
- Workspace Admins have total control over workspace settings, members, and all underlying bots.
- Workspace Moderators assist with day-to-day management like creating bots and managing standard members.
- Workspace Members have restricted access, typically limited to the specific bots they have been assigned to.
Workspace Permission Matrix
| Workspace Action / Permission | Admin | Moderator | Member |
|---|---|---|---|
| View Workspace Details | Allowed | Allowed | Allowed |
| Edit Workspace Name / Metadata | Allowed | Allowed | Not Allowed |
| Delete Workspace | Admin Only | Not Allowed | Not Allowed |
| Archive Workspace | Allowed | Not Allowed | Not Allowed |
| Restore Workspace | Allowed | Not Allowed | Not Allowed |
| View Workspace Members List | Allowed | Allowed | Optional Read-only |
| Add Members to Workspace | Allowed | Allowed | Not Allowed |
| Remove Members from Workspace | Allowed | Cannot Remove Admin | Not Allowed |
| Assign Workspace Roles | Allowed | Member Role Rec. | Not Allowed |
| Promote Member → Moderator | Allowed | Optional | Not Allowed |
| Promote Moderator → Admin | Admin Only | Not Allowed | Not Allowed |
| Demote Workspace Admin | Admin Only | Not Allowed | Not Allowed |
| Create Bots Inside Workspace | Allowed | Allowed | Not Allowed |
| Edit Any Bot in Workspace | Allowed | Based on BLAC | Based on BLAC |
| Delete Any Bot in Workspace | Allowed | Not Allowed | Not Allowed |
| Assign Bot-Level Roles | Allowed | Allowed | Not Allowed |
| View All Bots in Workspace | Allowed | Allowed | Assigned Bots Only |
| Access Unified Inbox | All Bots | Assigned Bots Only | Assigned Bots Only |
| View Workspace Analytics | Full Access | Read-only | Limited |
| Export Workspace Reports | Allowed | Optional | Not Allowed |
| Configure Integrations | Allowed | Not Allowed | Not Allowed |
| Manage Workspace Channels | Allowed | Optional | Not Allowed |
| View Workspace Audit Logs | Allowed | Read-only | Not Allowed |
| Export Workspace Audit Logs | Allowed | Not Allowed | Not Allowed |
Role Descriptions
Workspace Admin
The highest level of access within a workspace. Admins have complete control over all settings, members, bots, and billing/integration configurations. They can perform destructive actions such as deleting the workspace or removing other admins.
Workspace Moderator
Moderators help manage the day-to-day operations of the workspace. They can invite standard members, assign them to bots, and view workspace-level analytics. They cannot manage integrations, delete the workspace, or modify admin permissions.
Workspace Member
The default role for new users added to a workspace. Members only see the bots explicitly assigned to them via Bot-Level Access Control (BLAC). They cannot modify workspace settings, invite users, or view global analytics.
Workspace Governance Rules
- Every workspace must have at least one Workspace Admin. You cannot demote or remove the final Admin unless transferring ownership.
- Moderators cannot escalate privileges. A Moderator cannot promote themselves or a Member to Admin status.
- Role inheritance. Users who are Organization Admins inherently have Workspace Admin privileges across all workspaces, even if not explicitly added.
Unified Inbox Access Model
The Unified Inbox consolidates conversations from all bots in the workspace. However, access to these conversations is strictly filtered by roles:
- Workspace Admins see all conversations from all bots in the workspace inbox.
- Moderators and Members only see conversations routed to the bots they are explicitly assigned to manage.
Bot-Level Access Control (BLAC) Explanation
A Workspace Member's ability to edit a bot depends entirely on BLAC.
If a Member is assigned as a Bot Support Agent, they can only view inbox messages and respond to users.
If a Member is assigned as a Bot Developer, they can modify the bot's AI prompts, training data, and behavioral settings within that workspace.
Note: Workspace Admins bypass BLAC and have implicit Bot Developer access to all bots.
Best Practices
- Limit Workspace Admins. Only grant Admin access to trusted IT personnel or primary business owners.
- Use Moderators for Team Leads. If a manager needs to oversee a department's bots and invite their team, make them a Workspace Moderator rather than an Admin.
- Default to Member. Always start users with the Workspace Member role and use BLAC to grant them access to only the specific bots they work on.