Baserow Advanced and Enterprise plans come with advanced user management to boost data protection and privacy requirements. Role-based access control allows administrators to restrict access to data by assigning roles to users in workspaces, databases or tables.
Role based permissions feature is available to users on Baserow.io SaaS Advanced and Self-hosted Enterprise plans. To learn more about Baserow paid plans, visit our pricing page.
An admin can assign roles to Members and/or Teams at the workspace level and on individual databases and tables. This support article covers assigning roles to teams in bulk in a workspace. For assigning roles for other applications:
Baserow Teams are per Workspace and workspace members can be invited to teams. Teams allow admins to give or restrict permissions in bulk to multiple people.
A team will have a default role assigned at workspace level. When the team’s default role is set, every member of that team automatically gets assigned that role on the entire workspace and everything in it by default, unless exceptions are added to individual databases and tables.
Member-specific roles will always override Team roles. To manage control, we recommend that you assign Members “No Role” at the Workspace level first, invite members to a team on workspace level, and then assign roles to the team on individual databases and tables as you see fit. Learn more about the hierarchy of roles.
To manage and assign roles to Members or Teams at the workspace level,
There’s a hierarchy of permissions between a workspace, database, and table. You must first invite a user to the workspace before inviting them as members of a specific team.
A higher role has all of the permissions of the lower roles. Other users might inherit access to a Database or Table via their respective roles on the parent Database or Workspace.
Modify a team’s default role on the workspace level by selecting an option from the default role dropdown.
Removing a member from a team is not undoable. If a user is removed, they will lose access to all team data. They will have to be re-added to the team to regain access.
It’s important to understand the differences between removing users from a workspace, table, or database and permanently deleting a user account from a self-hosted instance.
Removing a member means taking away their access to a particular workspace, table, or database. However, their user account remains intact. This is applicable to both the SaaS hosted and self-hosted versions.
On the other hand, deleting a user is specific to the self-hosted version. Instance Admins can permanently delete a user from the entire self-hosted instance. This action completely removes the user’s account, and they lose access to all workspaces, tables, and databases.
Still need help? If you’re looking for something else, please feel free to make recommendations or ask us questions—we’re ready to assist you.
Contact support for questions about Baserow or help with your account.