All users have a defined role at the Vault level, which determines what they can access and manage across the entire organization. The global roles are:

  • Super Admin
  • Workspace Admin
  • Member

These roles are independent of workspace-level permissions, which are assigned separately for each workspace.

You can refer to the Global Role Permission Matrix below for a quick overview of what each global role can or cannot do across the platform.


Super Admin

The Super Admin is the highest level of access within a Vault. Super Admins can:

  • Invite users to the Vault
  • Manage global settings (fleet, Docker registry, etc.)
  • Create and manage teams
  • Create and manage custom modules
  • Access and manage all workspaces

This role is appropriate for security leads who need full visibility and control over the Vault.

Workspace Admin

A Workspace Admin has full control over the workspaces they create or are explicitly added to. Workspace Admins can:

  • Create new workspaces and automatically become the Owner of those workspaces
  • View all Vault users and teams, and add them to their own workspaces

However, Workspace Admins cannot:

  • Access or manage workspaces they haven’t been added to
  • Invite new users to the Vault
  • Access global Vault settings
  • Manage Vault-level teams or custom modules

This role is ideal for project or team leads who need autonomy over their own environments without broader administrative access to the Vault.

Member

A Member is a standard user within the Vault. Members can:

  • Be added to specific workspaces with workspace-level permissions
  • Manage their own profile settings, including username, password, and notification preferences

Global Role Permission Matrix

Permission | Super Admin | Workspace Admin | Member
Invite Users to the Platform
Manage Global Settings (Fleet, Docker Registry)
Create & Manage Teams
Create & Manage Custom Modules
Access All Workspaces
View All Platform Users and Teams
Create Workspaces
Manage Personal Account Settings
Generate & Manage Personal API Tokens
Manage Personal Notifications