Overview
Every workspace in clariBI has four roles that control what members can do inside that workspace. These workspace roles are separate from the organization-level RBAC roles (Owner, Administrator, Analyst, Member, Viewer) described in RBAC: Owner, Administrator, Analyst, Member, Viewer.
Workspace roles govern access within a specific workspace. Organization roles govern access across the entire clariBI account.
The Four Workspace Roles
Owner
Every workspace has exactly one Owner -- the person who created it. The Owner has full control over the workspace and its contents.
Owner permissions:
- Create, edit, and delete any dashboard or report in the workspace
- Share content to and from the workspace
- Invite and remove workspace members
- Change any member's role
- Transfer workspace ownership to another member
- Delete the workspace entirely
- Manage workspace settings (name, description, visibility)
- View and moderate all comments
- Access the workspace audit log
The Owner role cannot be assigned to multiple people. If the Owner needs to step away, they should transfer ownership first.
Admin
Admins help the Owner manage the workspace day-to-day. A workspace can have multiple Admins.
Admin permissions:
- Create, edit, and delete any dashboard or report in the workspace
- Share content to and from the workspace
- Invite and remove workspace members (except the Owner)
- Change member roles (except the Owner's role)
- Manage workspace settings
- View and moderate all comments
- Access the workspace audit log
What Admins cannot do:
- Transfer workspace ownership
- Delete the workspace
- Remove or change the Owner's role
Member
Members are active contributors who can create and share content but cannot manage other users.
Member permissions:
- Create new dashboards and reports in the workspace
- Edit dashboards and reports they created or have edit access to
- Share content to the workspace (if they have sharing permissions on the source item)
- Add comments on shared content
- View all published dashboards and reports
- Export data from items they can access
What Members cannot do:
- Invite or remove other workspace members
- Change anyone's role
- Edit or delete content created by others (unless explicitly granted edit access)
- Modify workspace settings
- Access the workspace audit log
Viewer
Viewers have read-only access. This role is ideal for stakeholders who need to see results but should not modify anything.
Viewer permissions:
- View all published dashboards and reports in the workspace
- Add comments on items they can view
- Export data (if export is enabled for the workspace)
What Viewers cannot do:
- Create, edit, or delete dashboards or reports
- Share content
- Invite or remove members
- Change workspace settings
Permissions Comparison Table
| Action | Owner | Admin | Member | Viewer |
|---|---|---|---|---|
| View dashboards/reports | Yes | Yes | Yes | Yes |
| Add comments | Yes | Yes | Yes | Yes |
| Create dashboards/reports | Yes | Yes | Yes | No |
| Edit own content | Yes | Yes | Yes | No |
| Edit others' content | Yes | Yes | No | No |
| Delete any content | Yes | Yes | No | No |
| Share content | Yes | Yes | Yes | No |
| Invite members | Yes | Yes | No | No |
| Remove members | Yes | Yes (not Owner) | No | No |
| Change roles | Yes | Yes (not Owner) | No | No |
| Workspace settings | Yes | Yes | No | No |
| Audit log | Yes | Yes | No | No |
| Transfer ownership | Yes | No | No | No |
| Delete workspace | Yes | No | No | No |
Assigning and Changing Roles
When Inviting a New Member
- Open the workspace and click Members in the sidebar.
- Click Invite Member.
- Enter the person's email address or select from your organization's member list.
- Choose a role from the dropdown: Admin, Member, or Viewer.
- Click Send Invite.
The invited person receives an email and an in-app notification. They must accept the invitation to join the workspace.
Changing an Existing Member's Role
- Go to Members in the workspace sidebar.
- Find the person in the member list.
- Click the role badge next to their name.
- Select the new role from the dropdown.
- Confirm the change.
Role changes take effect immediately. The affected member sees their permissions update on their next page load.
Transferring Ownership
- Go to Workspace Settings > General.
- Scroll to Transfer Ownership.
- Select the new Owner from the member list (they must already be an Admin or Member in the workspace).
- Confirm the transfer.
After the transfer, the previous Owner is automatically assigned the Admin role.
How Workspace Roles Interact with Organization Roles
Workspace roles and organization roles work together but do not override each other.
- A user with the Viewer organization role and Admin workspace role can manage that specific workspace but cannot access organization-wide settings.
- A user with the Administrator organization role can access any workspace by default, regardless of their workspace-level role.
- The Owner organization role has full access to all workspaces.
For more on organization-level roles, see RBAC: Owner, Administrator, Analyst, Member, Viewer.
Best Practices
- Start with Viewer. When adding stakeholders who only consume data, assign them the Viewer role. You can always promote them later.
- Limit Admins. One or two Admins per workspace is usually enough. Too many Admins can lead to conflicting changes.
- Use the audit log. Owners and Admins should periodically review the audit log to track who made changes and when.
- Clean up inactive members. Remove workspace members who no longer need access. This keeps your shared content secure and your member list manageable.