Permissions and roles

Controls over who can do what within a workspace.

Permissions and roles control what each user can do within a workspace. Permissions are granular actions; roles are named bundles of permissions assigned to users. Both are Team-tier features available only in Multi-user workspaces.

Default roles

Tree ships with three default roles:

  • Owner: full control of the workspace, including billing, member management, and all project operations
  • Admin: full control of projects and content, but not workspace-level settings like billing
  • Member: standard read and write access to projects they're part of, but not workspace-level configuration

Every workspace has at least one Owner. Other roles can be assigned freely.

Custom roles

In addition to the defaults, workspaces can define custom roles. A custom role specifies:

  • A name (for example, "Contributor," "Reviewer," "Read-only")
  • A permission set chosen from the available granular permissions
  • An optional scope limiting the role's effect to specific projects

Custom roles are useful for workflows that don't fit the default three. A "Reviewer" role might have read access to all projects plus write access only to comments. A "Contractor" role might have access only to specific projects.

Granular permissions

The permission system covers actions like:

  • Read project, edit project, delete project
  • Create nodes, edit nodes, delete nodes
  • Assign work, change permissions, manage members
  • Generate share links (see Project sharing), revoke share links
  • View activity feed, export data

Each permission can be granted or denied independently. Custom roles combine these into named bundles.

Project-level permissions

Beyond workspace roles, individual projects can have their own permission overlays. A workspace member with general access might have elevated permissions on a specific project they own, or restricted access on a project they shouldn't see.

The combination of workspace role plus project-level override determines what a user can actually do in a given context.

Tier availability

Permissions and roles are a Team-tier feature, available only in multi-user workspaces. Free and Paid (single-user) do not include role-based access control.

LAST UPDATED · 2026-05-12