Skip to content
Ordin Labs

Access Control

Workspace Manager uses a role-based access control system to manage what users can do within the application. Permissions are organized into three levels: global roles, project roles, and group roles.

Global Roles

Section titled “Global Roles”

Global roles apply across the entire application and determine a user’s baseline permissions.

Blocked — Users with this role cannot log in or use the application.

User — Normal users of the system with the following permissions:

  • Create and delete their own workspaces under projects they’ve been added to
  • Access, start, and stop other workspaces in those projects
  • View the groups they are a member of, their memberships, and their projects
  • Can be promoted to administrators or owners for specific projects and groups

Project Administrator — In addition to normal user privileges, project administrators can:

  • Create projects and groups
  • Have full ownership rights to the objects they create

See the Project and Group sections below for details on ownership privileges.

System Administrator — System administrators have root-level privileges across the entire workspace manager:

  • All privileges from User and Project Administrator roles
  • Create and delete users without requiring them to sign in first
  • View, start, or stop any project or workspace
  • Delete any group, project, or workspace

Project Roles

Section titled “Project Roles”

Users can be added to projects with one of the following roles. Each role inherits the permissions of the roles below it.

Guest

  • View the status and configuration settings for the project and its workspaces

Member

  • All Guest privileges
  • Create workspaces under the project
  • Delete their own workspaces (but not others’)
  • Start or stop any workspace in the project
  • View (but not change) the members of the project

Administrator

  • All Member privileges
  • Delete any workspace in the project
  • Create workspaces on behalf of other members
  • Add and remove users and groups from the project
  • Change other users’ roles in the project (promote/demote)

Owner

  • All Administrator privileges
  • Delete the project (which deletes all its workspaces)

Group Roles

Section titled “Group Roles”

Users can be organized into groups for easier permission management. When a group is added to a project, all members of that group are granted Member privileges on the project.

Member

  • View other members of the group
  • Automatically receive Member privileges on all projects associated with the group

Administrator

  • All Member privileges
  • Add and remove members from the group
  • Update member roles within the group

Owner

  • All Administrator privileges
  • Delete the group