# Permissions Table

Shade's permission system operates across three levels: Workspaces, Drives, and Files/Folders. Permissions flow down from higher levels unless explicitly overridden at lower levels.

{% embed url="<https://youtu.be/6t_-b4qu908?si=z5v-0mlRE-ZAQqca>" %}

### Workspace-Level Roles

| Role        | Workspace Management                      | Drive Management                                                  | Drive Mounting | Create Drives | Billing Access | ShadeFS Access | Metadata Access |
| ----------- | ----------------------------------------- | ----------------------------------------------------------------- | -------------- | ------------- | -------------- | -------------- | --------------- |
| **Owner**   | Full control; can transfer ownership      | Full control over all drives                                      | ✓              | ✓             | Full access    | ✓              | ✓               |
| **Admin**   | Full control; manage members and settings | Full control over all drives; automatically becomes Drive Manager | ✓              | ✓             | Full access    | ✓              | ✓               |
| **Member**  | View workspace                            | Access determined by drive inheritance                            | ✓              | ✓             | No Access      | ✓              | ✓               |
| Contributor | View Workspace                            | Access determined by drive inheritance                            | ✓              | ✗             | No Access      | ✓              | ✓               |
| Contractor  | View Workspace                            | Access to specific drives/files/folders only                      | ✓              | ✗             | No access      | ✓              | ✓               |
| **Guest**   | No workspace access                       | Access to specific drives/files/folders only                      | ✗              | ✗             | No access      | ✗              | ✗               |

### Drive-Level Roles

| Role            | View Files | Download | Upload | Edit | Delete | Comment | Rename/Move | Drive Settings | Permission Management |
| --------------- | ---------- | -------- | ------ | ---- | ------ | ------- | ----------- | -------------- | --------------------- |
| **Admin**       | ✓          | ✓        | ✓      | ✓    | ✓      | ✓       | ✓           | ✓              | ✓                     |
| **Full Access** | ✓          | ✓        | ✓      | ✓    | ✓      | ✓       | ✓           | ✗              | ✗                     |
| **Edit**        | ✓          | ✓        | ✓      | ✓    | ✓      | ✓       | ✓           | ✗              | ✗                     |
| **Comment**     | ✓          | ✓        | ✗      | ✗    | ✗      | ✓       | ✗           | ✗              | ✗                     |
| **Download**    | ✓          | ✓        | ✗      | ✗    | ✗      | ✗       | ✗           | ✗              | ✗                     |
| **View**        | ✓          | ✗        | ✗      | ✗    | ✗      | ✗       | ✗           | ✗              | ✗                     |
| **None**        | ✗          | ✗        | ✗      | ✗    | ✗      | ✗       | ✗           | ✗              | ✗                     |

### Key Concepts

#### Workspace Members vs Guests

**Workspace Members** are users explicitly added to a workspace as admins or members. They can:

* Mount drives via ShadeFS
* Access metadata and AI features
* Receive automatic access based on drive inheritance settings
* Create new drives
* Appear on billing as a seat

**Guests** are users with access to specific files, folders, or drives without workspace-level permissions. They can:

* View, edit, comment, or delete based on their permission level
* Access resources only through the web/desktop application interface
* See drives in their sidebar if they have access to any contained files
* Do NOT count toward billing seat limits
* Cannot mount drives

#### Drive Inheritance

Each drive has a **default inheritance** setting that determines the base permission level for all workspace members. When a workspace member's permissions differ from the default, they appear in the drive's member table.

#### Automatic Role Assignment

* Workspace Admins automatically become Drive Managers on all drives
* Workspace Admins cannot be explicitly invited to drives with different permission levels
* The Owner must transfer ownership to an admin before leaving the workspace

#### Progressive Access

Users can be upgraded through permission levels:

1. Guest with file/folder access
2. Guest with drive access
3. Workspace member

### Common Scenarios

**External Collaborators**: Invite as guests at the drive, folder, or file level for specific project access

**Long-term Contractors**: Invite as workspace contractors for mount access to only specific projects and folders

**Client Reviews**: Share specific files or folders, making them guests with View or Comment permissions

**Team Members**: Add as workspace members with drive access determined by inheritance


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://academy.shade.inc/sharing-and-collaboration/permissions-table.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.