Roles and Permissions
Define what each member can do
In ENSPACE, roles define granular permissions for each member within the workspace. The license type (Owner, Full, Standard, Viewer) determines the base access, while the role refines that access — specifying exactly what the member can view, create, edit, or delete in each area, form, or field of the platform.
- A role never expands access beyond what the license allows, but it can restrict it further.
- Permissions are always applied within the workspace context, ensuring isolation between teams.
Roles are essential for:
- Protecting sensitive data: restrict visibility and editing by area, form, or field.
- Delegating responsibilities: limit actions by department, stage, or function.
- Preventing errors and unauthorized access: expose only what's necessary for each profile.
What permissions control
Role permissions cover different areas of the workspace, with real granularity:
- Categories and items — control over creation, reading, editing, and deletion, with the ability to restrict by category, form, and individual field.
- Tasks — access and interaction with quick and scheduled tasks.
- Spaceflows — viewing and monitoring executions.
- Calendar — access to the workspace calendar.
- AI — usage of artificial intelligence features.
- Settings — access to member management, roles, groups, menus, screens, use cases, lists, integrations, emails, logs, and credentials.
Currently, permissions do not apply to dashboards, reports, or third-party integrations. This expansion is planned for future releases of the platform.
Permissions per category, form, and field
For categories and items, permissions follow the CRUD model (Create, Read, Update, Delete):
| Permission | What it controls |
|---|---|
| Create | Allows creating new items in the category or form. |
| Read | Allows viewing items and permitted fields. |
| Update | Allows editing item information and fields. |
| Delete | Allows removing items from the category. |
These permissions can be configured at three levels:
- By category — defines global access to the category.
- By form — allows different rules for each submission form.
- By field — restricts visibility and editing of specific fields.
The system automatically filters the available fields and actions according to the role's permissions, ensuring each member sees and edits only what is authorized.
Practical example
Imagine a workspace with three categories: "Contracts", "HR", and "Marketing". A role called "Legal" could be configured as follows:
| Category | Form | Field | Create | Read | Update | Delete |
|---|---|---|---|---|---|---|
| Contracts | Legal Opinion | opinion | ✅ | ✅ | ✅ | ❌ |
| Contracts | Legal Opinion | value | ❌ | ❌ | ❌ | ❌ |
| HR | — | all | ❌ | ✅ | ❌ | ❌ |
| Marketing | — | all | ❌ | ❌ | ❌ | ❌ |
In this example, the role can create and edit legal opinions, but cannot access financial values or delete records. In "HR", it can only view. In "Marketing", there is no access.
How to configure a role
Access the Roles tab
In the sidebar menu, go to Settings > Member Management and click the Roles tab.
Create or edit a role
Click an existing role to edit it, or create a new one.
Configure permissions
For each workspace area, define what the role can do. In categories, refine permissions by form and field as needed.
Save
Changes take effect immediately for all members assigned to that role.
Changes to a role immediately affect all members assigned to it. Review permissions carefully before saving.
Best practices
- Create roles that reflect real operational functions (e.g., "Legal Analyst", "Finance Manager", "Support").
- Use field- and form-level permissions to protect sensitive data without blocking access to entire categories.
- Test each role with a fictitious user to ensure permissions are correct.
- Regularly review roles whenever workspace processes change — outdated permissions may expose data or block workflows.