Comprehensive guide to FlowX workspaces access rights
SA_FLOWX
roleorg_admin
)workspace_admin
)workspace_user
)theme_editor
)project_owner
)project_editor
)project_viewer
)AI Agents / Command Center Access
Cannot Be Deleted
Cannot Be Fundamentally Modified
Duplication Rules
workspace_user
, theme_editor
, project_editor
, project_viewer
org_admin
, workspace_admin
, project_owner
Assignment Restrictions
org_admin
: Visible and assignableGroup Membership Management
all_users_[workspace_name]
when granted any workspace accessAccess Management Workflows
Custom Groups
sales_team
, finance_analysts
)FlowX 4.x Role | FlowX 5.0 Equivalent | Notes |
---|---|---|
FLOWX_ADMIN | workspace_admin | Now workspace-scoped instead of global |
FLOWX_CONFIGURATOR | workspace_user or project_editor | Depends on required access level |
FLOWX_UI_DESIGNER | theme_editor | Enhanced with theme management capabilities |
FLOWX_VIEWER | project_viewer | Now project-specific instead of global |
Custom Keycloak roles | Manual review required | Assess against new role structure |
Import Type | Required Permission | Access Assignment |
---|---|---|
Project Version (first import) | project_create in workspace | Importing user becomes project_owner |
Project Version (existing) | project_create AND project_edit | Version added to existing project |
Project Build (first import) | project_build_create | Creates project, user becomes project_owner |
Project Build (existing) | project_build_create | Build added to existing project |
Library Version | Same as project version | Same ownership rules apply |
Library Build | project_build_create | Creates build only, no library config |
Permission | org_admin |
---|---|
Workspaces | |
Create workspace | ✅ |
Edit workspace settings | ✅ |
Delete workspace | ✅ |
View all workspaces | ✅ |
Organization Users | |
Add users to organization | ✅ |
Remove users from organization | ✅ |
Assign organization roles | ✅ |
View all user access | ✅ |
Global Settings | |
Configure organization settings | ✅ |
Manage global policies | ✅ |
Access system configurations | ✅ |
Permission | workspace_admin | workspace_user | theme_editor |
---|---|---|---|
Projects | |||
Create project | ✅ | ✅ | ✅ |
View projects | ✅ | ✅ | ✅ |
Delete any project | ✅ | ❌ | ❌ |
Libraries | |||
Create library | ✅ | ✅ | ✅ |
View libraries | ✅ | ✅ | ✅ |
Delete any library | ✅ | ❌ | ❌ |
Themes & Branding | |||
Create themes | ✅ | ❌ | ✅ |
Edit themes | ✅ | ❌ | ✅ |
Delete themes | ✅ | ❌ | ✅ |
Manage fonts | ✅ | ❌ | ✅ |
User Management | |||
Add workspace users | ✅ | ❌ | ❌ |
Remove workspace users | ✅ | ❌ | ❌ |
Assign workspace roles | ✅ | ❌ | ❌ |
Create user groups | ✅ | ❌ | ❌ |
Workspace Settings | |||
Configure workspace | ✅ | ❌ | ❌ |
Manage workspace policies | ✅ | ❌ | ❌ |
View audit logs | ✅ | ❌ | ❌ |
Permission | project_owner | project_editor | project_viewer |
---|---|---|---|
Process Design | |||
Create processes | ✅ | ✅ | ❌ |
Edit processes | ✅ | ✅ | ❌ |
Delete processes | ✅ | ✅ | ❌ |
View processes | ✅ | ✅ | ✅ |
Configuration | |||
Manage enumerations | ✅ | ✅ | ❌ |
Configure templates | ✅ | ✅ | ❌ |
Set up integrations | ✅ | ✅ | ❌ |
Manage parameters | ✅ | ✅ | ❌ |
Runtime Management | |||
Create builds | ✅ | ✅ | ❌ |
Deploy to runtime | ✅ | ✅ | ❌ |
Manage active policies | ✅ | ✅ | ❌ |
View runtime status | ✅ | ✅ | ✅ |
Access Control | |||
Grant project access | ✅ | ❌ | ❌ |
Modify project permissions | ✅ | ❌ | ❌ |
Remove project access | ✅ | ❌ | ❌ |
Project Administration | |||
Delete project | ✅ | ❌ | ❌ |
Archive project | ✅ | ❌ | ❌ |
Export project | ✅ | ✅ | ❌ |
Principle of Least Privilege
project_viewer
for new usersproject_editor
only when neededworkspace_admin
for actual administratorsorg_admin
to platform administratorsUse Groups for Scale
Regular Access Reviews
Clear Role Documentation
workspace_admin
(team leads)workspace_user
theme_editor
(if visual customization needed)project_editor
assigned per project as neededUser Cannot Access Workspace
Role Assignment Failed
workspace_admin
rolePermissions Not Working
Migration Access Issues