Skip to main content
Openlayer uses role-based access control (RBAC) to manage what members of a workspace can do. Every workspace member is assigned one of four roles, listed below from most to least permissive.

When to use each role

  • Admin: workspace owners and administrators who need full control over settings, members, and integrations.
  • Member: engineers and data scientists who create and manage projects, tests, and data.
  • Member Restricted: contractors or external collaborators who need creation capabilities without access to sensitive data.
  • Viewer: stakeholders, executives, or auditors who need visibility without modification rights.

Permission matrix

FAQ

Yes. Permissions are enforced at both the workspace and project levels. Access groups can provide additional project-level control.
Yes. Project owners have full permissions for their projects, regardless of their workspace role.
Yes. Member Restricted users cannot view data directly, but they can still export data and run inference, which may expose data indirectly. Keep this in mind when assigning this role.