Workspace and Drive Permissions

Our permission system provides granular access control across workspaces, drives, and files while maintaining simplicity through intelligent inheritance rules. This guide explains how permissions work at each level and how they interact.

Overview

The permission hierarchy consists of three levels:

  1. Workspaces

  2. Drives

  3. Files and Folders

Core Concepts

Workspace Members vs Guests

Workspace members are users who have been explicitly added to a workspace as either admins or members. They can mount drives and receive automatic access based on drive inheritance settings.

Guests are users who have access to specific files, folders, or drives but haven't been added at the workspace level. They can perform actions like editing, commenting, and deleting (based on their permission level) but only through the application interface.

Drive Inheritance

Each drive has a default inheritance setting that determines the base permission level for all workspace members. For example, if a drive's default inheritance is set to "view", all workspace members automatically receive view access without being listed in the drive's member table.

When a workspace member's permissions are explicitly modified to differ from the default inheritance, they appear in the drive's member table. This makes it easy to track custom permission assignments.

Permission Propagation

Permissions can be assigned at any level:

  • Workspace level (members and admins)

  • Drive level (explicit permissions)

  • File/folder level (shared access)

Higher-level permissions flow down unless explicitly overridden at a lower level.

Access Levels

Workspace Level

  • Owner: Highest level of access; can transfer ownership to other admins

  • Admin: Full control over workspace settings, drives, and members

  • Member: Base level workspace access with drive permissions determined by inheritance

  • Guest: Access to specific resources without workspace-level permissions

Drive Level

  • Manager: Automatically granted to workspace admins

  • Full Access: Complete control over drive contents

  • Edit: Can modify files and folders

  • Comment: Can view and comment on contents

  • View: Read-only access
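The inheritance and override rules above can be expressed as a small resolver. This is an added example, not the product's own code: the names Drive, effective_access, member_table and below_default are hypothetical, the sample users are constructed, and it assumes the owner is treated like an admin and that file shares match exact paths only.

```python
# Added illustration: a toy model of the resolution rules described on this page.
# Every name here is hypothetical; this is not the product's implementation.
from dataclasses import dataclass, field
from typing import Optional

LEVELS = ["view", "comment", "edit", "full_access", "manager"]  # weakest to strongest

@dataclass
class Drive:
    default_inheritance: str                          # base level for workspace members
    explicit: dict = field(default_factory=dict)      # email -> level set on the drive
    file_shares: dict = field(default_factory=dict)   # (email, path) -> shared level

def effective_access(drive, workspace_roles, email, path=None) -> Optional[str]:
    """Resolve one user's level on a drive, or on one path inside it."""
    role = workspace_roles.get(email, "guest")        # not in the workspace => guest
    if role in ("owner", "admin"):                    # assumption: owner counts as an admin
        return "manager"                              # admins are always drive managers
    if path is not None and (email, path) in drive.file_shares:
        return drive.file_shares[(email, path)]       # lower-level override wins
    if email in drive.explicit:
        return drive.explicit[email]                  # may be above or below the default
    if role == "member":
        return drive.default_inheritance              # inherited, not in the member table
    return None                                       # guest with no share on this resource

def member_table(drive):
    """Only explicit drive entries are listed; they stay listed if the default changes."""
    return sorted(drive.explicit)

def below_default(drive, workspace_roles):
    """Members whose explicit level is lower than the drive default."""
    rank = LEVELS.index
    return [e for e, lvl in sorted(drive.explicit.items())
            if workspace_roles.get(e) == "member"
            and rank(lvl) < rank(drive.default_inheritance)]

# Constructed sample data
ROLES = {"alice@example.com": "admin", "bob@example.com": "member",
         "carol@example.com": "member"}
DRIVE = Drive("edit", explicit={"carol@example.com": "view"},
              file_shares={("dave@example.com", "/specs/q3.md"): "comment"})
```

Comparing member_table with below_default during an access review separates explicit downgrades from entries that merely match or exceed the default.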

How Sharing Works

When sharing resources, permissions are granted progressively:

  1. Sharing a file/folder makes the recipient a guest at both workspace and drive levels

  2. Sharing a drive makes them a drive member (while remaining a workspace guest)

  3. Sharing at workspace level makes them a full workspace member

Users can progress through these levels as needed, gaining broader access rights at each step.

FAQs

What happens when downgrading a user below the drive's default inheritance?

You must explicitly invite their email to the drive with the desired lower permission level. This will make them appear in the drive's member table since their access now differs from the default.

If a drive's default inheritance changes to match a member's explicit permissions, do they stay in the member table?

Yes. Once a user has been explicitly shared on a drive, they remain in the member table regardless of changes to default inheritance.

Can guests see drives in their sidebar?

Yes. If a guest has access to any file or folder within a drive, they can see that drive in their sidebar for easy navigation.

How do workspace admin permissions work?

Workspace admins automatically become drive managers and can be downgraded to workspace members. They can modify default inheritance settings and manage all aspects of the workspace, including other admins (except the owner).

What's required to transfer workspace ownership?

The current owner must first promote the intended new owner to admin. The owner must then leave the workspace, at which point they are prompted to transfer ownership to an existing admin.

Can guests be upgraded to workspace members?

Yes. Users can progress from file/folder access (guest) to drive access (drive member) to workspace access (workspace member) in any order.

What permissions do drive managers have?

Drive managers are always workspace admins and have full control over drive contents and settings, including the ability to modify default inheritance settings.

How does member table visibility work at different levels?

The workspace level shows both members and guests. Drive-level member tables only show users who have been explicitly granted permissions outside of the default inheritance. This keeps the interface clean while making it easy to track custom permission assignments.

Can workspace admins be added directly to drives?

No. Since workspace admins automatically become drive managers on all drives, they cannot be explicitly invited to drives with different permission levels.

What happens when sharing files/folders directly?

When sharing files or folders, you must specify the permission level during the share action (similar to Google Drive). The recipient becomes a guest at both the workspace and drive level, and the drive becomes visible in their sidebar for easy access.
