Blog
Sep 12, 2018

Permissions and access rights in Nuclino: Tips and best practices

nuclino-comment-only-member-role

With your team created, members invited, workspaces set up, and collaboration in full swing, it’s time to take a moment to consider which roles and permissions you, as the team manager, need to assign to each member.

This decision needs to be approached with care. While it is important to foster team collaboration and encourage contributions from all members, it is equally important to keep confidential information safe and prevent unauthorized team members from changing or deleting important documents.

Roles and permissions can be assigned and customized on the team and workspace level. Let's take a deep dive into your options.

Team management

On the team level, the roles and permissions assigned to your team members decide how much control they would have over basic team settings, billing, app integrations, and so on.

Owners have the highest level of permissions. They have exclusive access to features such as deleting or renaming teams.

Admins have a high level of permissions and can execute dangerous actions such as deleting entire workspaces irreversibly.

Members have enough permissions for daily usage but cannot execute dangerous actions such as deleting workspaces or teams.

Guests have no access to the team settings and cannot create new or see existing workspaces. They need to be explicitly added to workspaces.

Owner

Admin

Member

Guest

Invite, manage, remove team members

✖️

✖️

Configure billing

✖️

✖️

Configure apps & integrations

✖️

✖️

Configure authentication

✖️

✖️

Create, edit, delete groups

✖️

✖️

Rename team

✖️

✖️

✖️

Delete team

✖️

✖️

✖️

Get added to public or private workspaces

Join public workspaces

✖️

Create workspaces

✖️

Export workspaces

✖️

✖️

Delete workspaces

✖️

✖️

Move workspaces between teams

✖️

✖️

✖️

*The team Member role is available on the Standard plan.

Assign the Admin role with care

An Admin can easily make irreversible changes leading to loss of critical information. Unless a member needs access to Admin-level settings (such as billing), don't assign that role to them.

Prevent information loss

The safest way to make sure important information doesn't get accidentally deleted is to assign the Member role to all regular members of your team. They will still be able to view and contribute content, without the risk of deleting anything or having access to billing configuration and other important settings.

Workspace management

On the workspace level, you can decide which members of your team need to contribute content and who will only need to view it.

Editors have full access in the scope of a workspace. For example, they can invite new workspace members and modify all workspace content.

Commenters can't edit the content of the workspace, but they can leave comments and replies.

Readers have limited access to a workspace and can only view items and collections.

Editor

Commenter

Reader

View content

Edit, duplicate, archive, delete content

✖️

✖️

Import content

✖️

✖️

Move content between workspaces

✖️

✖️

Empty trash, delete content from trash

✅ (except guests)

✖️

✖️

View, add, resolve, delete comments

✖️

View or follow item activities

✖️

Add, manage, remove workspace members

✅ (except guests)

✖️

✖️

Rename workspaces

✅ (except guests)

✖️

✖️

Change workspace privacy

✅ (except guests)

✖️

✖️

Change workspace default access

✅ (except guests)

✖️

✖️

Change workspace default view

✅ (except guests)

✖️

✖️

*The workspace Commenter and Reader roles are available on the Standard plan.

The best role assignment here would depend on your team's specific needs, including the type of content you need to store and share, how often that content needs to be updated, which team members would be responsible for keeping everything up-to-date, and so on.

Default user roles

When you create a new workspace, invited members are assigned the Editor roles by default. You can easily change that in the workspace settings and give all the newly added members real-only access to the workspace by default.

Configuring access rights for a knowledge base

If you are using the workspace as a knowledge base containing relatively static content (such as brand guidelines or company policies), assign the Editor role very selectively. If you are dealing with information that should only be edited by authorized team members, having too many editors would mean a high risk of unwanted or accidental changes. Assign the Reader role to any member that generally isn't expected to contribute content to the workspace.

Configuring access rights for collaboration

If you are using the workspace as a collaboration tool, make sure to give your team members editing rights by default, enabling them to contribute content right away. Use version history to track updates or undo unwanted changes.

Want to learn more about access and security in Nuclino? Visit the Help Center.