Roles and Permissions
Understand the different roles and what each one can do.
Overview
Roles control what each member of a workspace can see and do. Every invited user is assigned one of four roles, and that role determines whether they can build workflows, manage shared connections, invite teammates, or change billing.
Roles are scoped to a single workspace. The same person can hold different roles in different workspaces, so a designer might be a Member in your production workspace and an Admin in a sandbox. Permissions are applied uniformly across the dashboard, the workflow designer, connections, knowledge collections, and the audit log.
The Four Roles
- Viewer - Read-only access. Can browse workflows and execution history but cannot edit, run, or change anything.
- Member - Can build, edit, and run workflows. Can create connections, but only manages the ones they own. Cannot invite users or see billing.
- Admin - Full operational control: manages workflows, all connections (including those owned by others), members, and the audit log. Cannot change the plan or payment method.
- Owner - Everything an Admin can do, plus billing and plan management. A workspace can have multiple Owners.
Permission Matrix
| Permission | Viewer | Member | Admin | Owner |
|---|---|---|---|---|
| View workflows and executions | Yes | Yes | Yes | Yes |
| Create and edit workflows | No | Yes | Yes | Yes |
| Run workflows | No | Yes | Yes | Yes |
| Manage connections | No | Own only | Yes | Yes |
| Invite and manage members | No | No | Yes | Yes |
| Manage billing | No | No | No | Yes |
| View audit logs | No | No | Yes | Yes |
Changing Roles
- Open Settings -> Members. Only Admins and Owners see this page.
- Find the member you want to update and click their current role.
- Pick a new role from the dropdown. Spojit applies the change immediately and records the action in the audit log.
Tips
- Give new teammates Viewer while they get oriented, then promote to Member once they start building.
- Keep at least two Owners on every workspace so billing access is never blocked if someone is away.
- Use Member as the default. Reserve Admin for people who genuinely need to manage other users' connections.
Common Pitfalls
- A Member who built a connection can edit it, but if they leave the workspace the connection stays. Only an Admin or Owner can reassign or remove it.
- Downgrading the last Owner is blocked. Promote another user to Owner first.
- Viewers cannot run workflows, even ones shared with them. If a stakeholder needs to trigger runs manually, give them Member.
- Role changes do not retroactively rewrite past executions or audit entries. The actor is recorded at the time the action happened.