When you invite team members to your organization or workspace, you'll need to choose what level of access to give them. This guide explains what each permission level allows users to do, helping you understand team roles and what access each permission level provides.
How to Invite Someone to a Workspace
Workspace Permission Levels
When inviting someone to a workspace, you can assign one of three permission levels:
| Permission | What They Can Do |
|---|---|
| Read | View workflows, see execution results, but cannot make any changes |
| Write | Create and edit workflows, run workflows, manage environment variables |
| Admin | Everything Write can do, plus invite/remove users and manage workspace settings |
What Each Permission Level Can Do
Here's a detailed breakdown of what users can do with each permission level:
Read Permission
Perfect for: Stakeholders, observers, or team members who need visibility but shouldn't make changes
What they can do:
- View all workflows in the workspace
- See workflow execution results and logs
- Browse workflow configurations and settings
- View environment variables (but not edit them)
What they cannot do:
- Create, edit, or delete workflows
- Run or deploy workflows
- Change any workspace settings
- Invite other users
Write Permission
Perfect for: Developers, content creators, or team members actively working on automation
What they can do:
- Everything Read users can do, plus:
- Create, edit, and delete workflows
- Run and deploy workflows
- Add, edit, and delete workspace environment variables
- Use all available tools and integrations
- Collaborate in real-time on workflow editing
What they cannot do:
- Invite or remove users from the workspace
- Change workspace settings
- Delete the workspace
Admin Permission
Perfect for: Team leads, project managers, or technical leads who need to manage the workspace
What they can do:
- Everything Write users can do, plus:
- Invite new users to the workspace with any permission level
- Remove users from the workspace
- Manage workspace settings and integrations
- Configure external tool connections
- Delete workflows created by other users
What they cannot do:
- Delete the workspace (only the workspace owner can do this)
- Remove the workspace owner from the workspace
Workspace Owner vs Admin
Every workspace has one Owner (the person who created it) plus any number of Admins.
Workspace Owner
- Has all Admin permissions
- Can delete the workspace
- Cannot be removed from the workspace
- Can transfer ownership to another user
Workspace Admin
- Can do everything except delete the workspace or remove the owner
- Can be removed from the workspace by the owner or other admins
Common Scenarios
Adding a New Developer to Your Team
- Organization level: Invite them as an Organization Member
- Workspace level: Give them Write permission so they can create and edit workflows
Adding a Project Manager
- Organization level: Invite them as an Organization Member
- Workspace level: Give them Admin permission so they can manage the team and see everything
Adding a Stakeholder or Client
- Organization level: Invite them as an Organization Member
- Workspace level: Give them Read permission so they can see progress but not make changes
Adding a Workspace Ops Lead
- Organization level: Invite them as an Organization Supervisor
- They can create workspaces and manage workspace membership across the organization — without billing access or automatic visibility into workspace content
Environment Variables
Users can create two types of environment variables:
Personal Environment Variables
- Only visible to the individual user
- Available in all workflows they run
- Managed in Settings, then go to Secrets
Workspace Environment Variables
- Read permission: Can see variable names and values
- Write/Admin permission: Can add, edit, and delete variables
- Available to all workspace members
- If a personal variable has the same name as a workspace variable, the personal one takes priority
Best Practices
Start with Minimal Permissions
Give users the lowest permission level they need to do their job. You can always increase permissions later.
Use Organization Structure Wisely
- Make trusted team leads Organization Admins
- Use Organization Supervisor for people who manage workspace assignments but shouldn't touch billing or organization settings
- Most team members should be Organization Members
- Reserve workspace Admin permissions for people who need to manage users
Review Permissions Regularly
Periodically review who has access to what, especially when team members change roles or leave the company.
Environment Variable Security
- Use personal environment variables for sensitive API keys
- Use workspace environment variables for shared configuration
- Regularly audit who has access to sensitive variables
Personal Organization
Every SteelEngine account has at least one organization. When you sign up, SteelEngine automatically creates a personal organization for you, with a default workspace inside it, and you land on your organization dashboard at /<orgSlug> after first sign-in. No setup step asks you to name it — the slug is generated from a curated word-pair list (mild-owl, prime-horse, etc.).
You're the Organization Admin of your personal org. It behaves identically to a team-created org:
- You can invite teammates to it
- You can rename it (which also updates the URL slug)
- You can upgrade it from Free to Pro or Max
- You can create additional workspaces inside it
You cannot delete the personal org if it's your only organization — every account must belong to at least one. To leave a personal org behind, join or create another organization first and ignore the personal one going forward.
You can also join other organizations without leaving your personal org. Each org keeps its own members, roles, billing limits, workspaces, credentials, and access-control settings.
For the full URL anatomy, slug rules, and switching between organizations, see Organizations and Workspaces.
Organization Roles
When inviting someone to your organization, you can assign one of three roles: Admin, Supervisor, or Member.
| Capability | Admin | Supervisor | Member |
|---|---|---|---|
| Manage organization members and invitations | ✓ | — | — |
| Manage billing, subscription, and per-workspace usage limits | ✓ | — | — |
| Manage SSO, branding, permission groups, and model availability | ✓ | — | — |
| Create workspaces | ✓ | ✓ | ✓ |
| Manage workspace membership and assign workspace roles | ✓ | ✓ | — |
| Automatic Admin access to every workspace | ✓ | — | — |
| Workspace content access | All workspaces | Only where explicitly granted | Only where explicitly granted |
Organization Admin
Full organization authority.
- Invite and remove organization members
- Manage billing and subscription settings, including per-workspace usage limits
- Manage SSO, branding, permission groups, and organization-wide model availability
- Implicit Admin access to every workspace in the organization — no workspace invitation needed
Organization Supervisor
An operational tier for people who run workspaces without organization-wide authority.
- Create workspaces, and manage which members belong to which workspace at which permission level
- No automatic access to workspace content — a supervisor sees inside a workspace only when explicitly granted a workspace permission
- Cannot manage organization members, billing, or organization settings
Organization Member
The default role.
- Works in the workspaces they've been explicitly granted access to
- Can create new workspaces — they become that workspace's owner, with Admin permission on it
- Cannot invite people to the organization or manage organization settings
The legacy Owner organization role is treated as Admin — existing owners were migrated automatically.