- Super Admin
- Workspace Admin
- Member
Super Admin
The Super Admin is the highest level of access within a Vault. Super Admins can:- Invite users to the Vault
- Manage global settings (fleet, Docker registry, etc)
- Create and manage teams
- Create and manage custom modules
- Access and manage all workspaces
Workspace Admin
A Workspace Admin has full control over the workspaces they create or are explicitly added to. Workspace Admins can:- Create new workspaces and automatically become the Owner of those workspaces
- View all Vault users and teams, and add them to their own workspaces
- Access or manage workspaces they haven’t been added to
- Invite new users to the Vault
- Access global Vault settings
- Manage Vault-level teams or custom modules
Member
A Member is a standard user within the Vault. Members can:- Be added to specific workspaces with workspace-level permissions.
- Manage their own profile settings, including username, password, and notification preferences
Global Role Permission Matrix
| Permission | Super Admin | Workspace Admin | Member |
|---|---|---|---|
| Invite Users to the Platform | ✅ | ❌ | ❌ |
| Manage Global Settings (Fleet, Docker Registry) | ✅ | ❌ | ❌ |
| Create & Manage Teams | ✅ | ❌ | ❌ |
| Create & Manage Custom Modules | ✅ | ❌ | ❌ |
| Access All Workspaces | ✅ | ❌ | ❌ |
| View All Platform Users and Teams | ✅ | ✅ | ❌ |
| Create Workspaces | ✅ | ✅ | ❌ |
| ✅ | ✅ | ❌ | |
| Manage Personal Account Settings | ✅ | ✅ | ✅ |
| Generate & Manage Personal API tokens | ✅ | ✅ | ✅ |
| Manage Personal Notifications | ✅ | ✅ | ✅ |