Permissions Table

Shade's permission system operates across three levels: Workspaces, Drives, and Files/Folders. Permissions flow down from higher levels unless explicitly overridden at lower levels.

Workspace-Level Roles

Drive-Level Roles

Key Concepts

Workspace Members vs Guests

Workspace Members are users explicitly added to a workspace as admins or members. They can:

• Mount drives via ShadeFS

• Access metadata and AI features

• Receive automatic access based on drive inheritance settings

• Create new drives

• Appear on billing as a seat

Guests are users with access to specific files, folders, or drives without workspace-level permissions. They can:

• View, edit, comment, or delete based on their permission level

• Access resources only through the web/desktop application interface

• See drives in their sidebar if they have access to any contained files

• Do NOT count toward billing seat limits

• Cannot mount drivest

Drive Inheritance

Each drive has a default inheritance setting that determines the base permission level for all workspace members. When a workspace member's permissions differ from the default, they appear in the drive's member table.

Automatic Role Assignment

• Workspace Admins automatically become Drive Managers on all drives

• Workspace Admins cannot be explicitly invited to drives with different permission levels

• The Owner must transfer ownership to an admin before leaving the workspace

Progressive Access

Users can be upgraded through permission levels:

1. Guest with file/folder access

2. Guest with drive access

3. Workspace member

Common Scenarios

External Collaborators: Invite as guests at the drive, folder, or file level for specific project access

Long-term Contractors: Invite as workspace contractors for mount access to only specific projects and folders

Client Reviews: Share specific files or folders, making them guests with View or Comment permissions

Team Members: Add as workspace members with drive access determined by inheritance