search
Go to websiteBook a demoTrust center

Workspace and Drive Permissions

Our permission system provides granular access control across workspaces, drives, and files while maintaining simplicity through intelligent inheritance rules. This guide explains how permissions work at each level and how they interact.

hashtag
Overview

The permission hierarchy consists of three levels:

  1. Workspaces

  2. Drives

  3. Files and Folders

hashtag
Core Concepts

hashtag
Workspace Members vs Guests

Workspace members are users who have been explicitly added to a workspace as either admins or members. They can mount drives and receive automatic access based on drive inheritance settings.

Guests are users who have access to specific files, folders, or drives but haven't been added at the workspace level. They can perform actions like editing, commenting, and deleting (based on their permission level) but only through the application interface.

hashtag
Drive Inheritance

Each drive has a default inheritance setting that determines the base permission level for all workspace members. For example, if a drive's default inheritance is set to "view", all workspace members automatically receive view access without being listed in the drive's member table.

When a workspace member's permissions are explicitly modified to differ from the default inheritance, they appear in the drive's member table. This makes it easy to track custom permission assignments.

hashtag
Permission Propagation

Permissions can be assigned at any level:

  • Workspace level (members and admins)

  • Drive level (explicit permissions)

  • File/folder level (shared access)

Higher-level permissions flow down unless explicitly overridden at a lower level.

hashtag
Access Levels

hashtag
Workspace Level

  • Owner: Highest level of access; can transfer ownership to other admins

  • Admin: Full control over workspace settings, drives, and members

  • Member: Base level workspace access with drive permissions determined by inheritance

  • Guest: Access to specific resources without workspace-level permissions

hashtag
Drive Level

  • Manager: Automatically granted to workspace admins

  • Full Access: Complete control over drive contents

  • Edit: Can modify files and folders

  • Comment: Can view and comment on contents

  • View: Read-only access

hashtag
How Sharing Works

When sharing resources, permissions are granted progressively:

  1. Sharing a file/folder makes the recipient a guest at both workspace and drive levels

  2. Sharing a drive makes them a drive member (while remaining a workspace guest)

  3. Sharing at workspace level makes them a full workspace member

Users can progress through these levels as needed, gaining broader access rights at each step.

hashtag
FAQs

chevron-rightWhat happens when downgrading a user below the drive's default inheritance? hashtag

You must explicitly invite their email to the drive with the desired lower permission level. This will make them appear in the drive's member table since their access now differs from the default.

chevron-rightIf a drive's default inheritance changes to match a member's explicit permissions, do they stay in the member table? hashtag

Yes. Once a user has been explicitly shared on a drive, they remain in the member table regardless of changes to default inheritance.

chevron-rightCan guests see drives in their sidebar? hashtag

Yes. If a guest has access to any file or folder within a drive, they can see that drive in their sidebar for easy navigation.

chevron-rightHow do workspace admin permissions work? hashtag

Workspace admins automatically become drive managers and can be downgraded to workspace members. They can modify default inheritance settings and manage all aspects of the workspace, including other admins (except the owner).

chevron-rightWhat's required to transfer workspace ownership? hashtag

The current owner must first promote the user they want to give ownership to as an admin. Then the owner must leave the workspace, at which point they will be prompted to transfer the ownership to an existing admin.

chevron-rightCan guests be upgraded to workspace members? hashtag

Yes. Users can progress from file/folder access (guest) to drive access (drive member) to workspace access (workspace member) in any order.

chevron-rightWhat permissions do drive managers have? hashtag

Drive managers are always workspace admins and have full control over drive contents and settings, including the ability to modify default inheritance settings.

chevron-rightHow does member table visibility work at different levels? hashtag

The workspace level shows both members and guests. Drive level member tables only show users who have been explicitly granted permissions OUTSIDE from the default inheritance. This keeps the interface clean while making it easy to track custom permission assignments.

chevron-rightCan workspace admins be added directly to drives? hashtag

No. Since workspace admins automatically become drive managers on all drives, they cannot be explicitly invited to drives with different permission levels.

chevron-rightWhat happens when sharing files/folders directly? hashtag

When sharing files or folders, you must specify the permission level during the share action (similar to Google Drive). The recipient becomes a guest at both the workspace and drive level, and the drive becomes visible in their sidebar for easy access.

PreviousBring Your Own S3 StorageNextDesigning Your Permission Hierarchy

Last updated