Baserow Advanced and Enterprise plans come with advanced user management to boost data protection and privacy requirements. Role-based access control allows administrators to restrict access to data by assigning roles to users in workspaces, databases or tables.
Role based permissions feature is available to users on Baserow.io SaaS Advanced and Self-hosted Enterprise plans. To learn more about Baserow paid plans, visit our pricing page.
An admin can assign roles to Members and/or Teams at the workspace level and on individual databases and tables. This support article covers assigning roles to members individually in a workspace. For assigning roles for other applications:
Members are assigned individual user roles when they are invited to a workspace. The role assigned to a member will be their default role at workspace level.
After you add a workspace member and they accept the invite, they will have this workspace level default role on everything in the workspace. The member will have access to all databases and tables in the workspace at the role level assigned to them unless you add an exception on specific tables or databases.
To manage and assign roles to Members at the workspace level,
Admins can invite new members to a workspace and assign default roles that members should have upon joining the workspace. When new members are invited to a workspace, they will have access to the entire workspace at the default role assigned to them.
Admins can further restrict access by adding members to a Team and assigning access to the team. Members within the team will have access to workspaces, databases and tables at the role level assigned to the team.
Member roles take priority over team roles. A workspace member who is explicitly assigned a role on a workspace, database or table will get that exact role, regardless of the default roles of the teams to which they belong.
To assign the Team default role to members of a specific team, set the default roles of all Members to “No Role” at the workspace level. If you set the Members’ default role at the workspace level to anything other than “No Role,” this will override and ignore their team default roles in the entire workspace.
Removing member access from a workspace is not undoable. If a user is removed, they will lose access to all workspace data. They will have to be re-added to the workspace to regain access.
It’s important to understand the differences between removing a member from a workspace, table, or database and permanently deleting a user account from a self-hosted instance.
Removing a member means taking away their access to a particular workspace, table, or database. However, their user account remains intact. This is applicable to both the SaaS hosted and self-hosted versions.
On the other hand, deleting a user is specific to the self-hosted version. Instance Admins can permanently delete a user from the entire self-hosted instance. This action completely removes the user’s account, and they lose access to all workspaces, tables, and databases.
Still need help? If you’re looking for something else, please feel free to make recommendations or ask us questions—we’re ready to assist you.
Contact support for questions about Baserow or help with your account.