Authorization governs how users can access platform features and user-defined objects in the .

NOTE: Authorization manages access to object types. It does not cover access to individual objects of a specified type. For example, access to a specific flow is governed by ownership of the flow (owner) and sharing of the flow by the owner (to a collaborator). If a flow is shared with a user who is not permitted to access flows, then the user cannot access the flow.

Resource Roles and Privileges

Access to  is governed by roles in the user account. 

Standard roles

default role

All new users are automatically assigned the default role. By default, the default role enables full access to all types of .

Since roles in a user account are additive, you may choose to reduce the privileges on the default role and then add privileges selectively by creating other roles and assigning them to users. See the example below.

NOTE: You can modify the default role. You can also remove it from a user account. You cannot delete the role.

NOTE: In future releases of the software, additional objects may be made available. A level of access may be defined in the default role. No other roles will be modified.

Workspace admin role

This admin role is a super-user. The admin role enables all capabilities of the default role, plus:

NOTE: This role gives the user owner-level access to all objects in the project or workspace, as well as access to all admin-level settings and configuration pages in the admin console. This role should not be assigned to many users. At least one user should always have this role.

NOTE: A platform administrator is automatically granted the admin role.

Custom role(s)

As needed, administrators can create custom roles for users of the project or workspace. For more information, see Create Role.


For a complete list of privileges for each type of object, see Privileges and Roles Reference.

Example model

In the following model, three separate roles have been created. Each role enables the highest level of access to a specific type of object. 

The default role has been modified:

NOTE: Depending on your product edition, some of these privileges may not be applicable.

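| Privilege/Role | default | Role A | Role B | Role C | Notes |
| --- | --- | --- | --- | --- | --- |
| Connections | viewer | none | author | none | Paid product editions only |
| Plans | none | none | none | author | Premium product editions only |
| User defined functions | viewer | none | none | author | product editions only |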

User 1:

Roles: default

User 2:

Roles: default, Role A

User 3:

Roles: Role A, Role B, Role C
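
The following added example (not code from the product) computes each user's effective privileges in the model above by taking, per object type, the highest level granted by any assigned role, and applies the rule that sharing cannot grant access to an object type the user's roles do not permit. The level ordering none < viewer < author and the function names are assumptions of this sketch.

```python
# Added example: effective privileges under additive roles.
# Assumption: privilege levels are ordered none < viewer < author.
LEVELS = {"none": 0, "viewer": 1, "author": 2}

# Role definitions copied from the example model table on this page.
ROLES = {
    "default": {"Connections": "viewer", "Plans": "none", "User defined functions": "viewer"},
    "Role A": {"Connections": "none", "Plans": "none", "User defined functions": "none"},
    "Role B": {"Connections": "author", "Plans": "none", "User defined functions": "none"},
    "Role C": {"Connections": "none", "Plans": "author", "User defined functions": "author"},
}

# Role assignments copied from the example model.
USERS = {
    "User 1": ["default"],
    "User 2": ["default", "Role A"],
    "User 3": ["Role A", "Role B", "Role C"],
}


def effective_privileges(role_names, roles=ROLES):
    """Roles are additive: per object type, keep the highest level any role grants."""
    result = {}
    for name in role_names:
        if name not in roles:
            raise KeyError(f"unknown role: {name}")
        for obj_type, level in roles[name].items():
            current = result.get(obj_type, "none")
            result[obj_type] = max(current, level, key=LEVELS.__getitem__)
    return result


def can_open_shared(role_names, obj_type, roles=ROLES):
    """Sharing an object does not override type-level authorization."""
    level = effective_privileges(role_names, roles).get(obj_type, "none")
    return LEVELS[level] > LEVELS["none"]


def audit(users=USERS):
    """Return the effective privileges of every user, for review."""
    return {user: effective_privileges(names) for user, names in users.items()}


if __name__ == "__main__":
    for user, privileges in audit().items():
        print(user, privileges)
```
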