Role-based access control allows administrators to restrict access to data by assigning roles to users in workspaces, databases or tables.
Role based permissions feature is only available to users on Baserow.io SaaS Advanced and Self-hosted Enterprise plans. To learn more about Baserow paid plans, visit our pricing page. Users on
Important: Sharing your data with others should be done with caution.
Roles permit users to execute a set of operations in a Workspace, Database or Table. You can assign a team or a user one of the following roles – Admin, Builder, Editor, Commenter, and Viewer. The role level is initially set when the user is invited or the team is created but can be changed later.
⚠️ NOTE: If your Advanced plan or Enterprise license runs out or you unregister it, role based permissions will be inactive immediately. Every user will automatically be assigned a Builder role for everything in the workspace, including databases and tables.
Here is an overview of what each role grants in a Workspace, Database or Table, in order of their hierarchy:
Admin: Can do everything a Builder can do, including inviting workspace members, controlling their permissions and managing subscriptions of a workspace.
Builder: Can do everything an Editor can do, plus creating, and editing fields, tables, views and databases.
Editor: Can do everything a Commenter can do, plus editing cell values, and creating and deleting rows in tables.
Commenter: Can do everything a Viewer can do, including reading and writing row comments.
Viewer: Can only read databases, tables, views, fields, cells, comments, and trash.
No Role: Only users at the Workspace level can be assigned the No Role permission.
When a No Role permission is assigned, the user will get their default workspace-level role from their highest team workspace-level role for the teams they are in. If they are not in any teams, their workspace-level role will default to “No Access”.
No Access: A user with No Access permission cannot do or see anything in the workspace, database or table to which this role is assigned.
For more specific details on each role level, please refer to this support article.
Teams can better manage complex access protocols using role-based permissions to monitor who should have access to resources and data as well as what they can do with it.
Roles can be assigned at Workspace, Database or Table levels. For example, an admin can invite a user to a Baserow workspace while restricting their access to just viewing tables and databases, by assigning the user a “Viewer” role.
An admin can assign roles to Members and/or Teams at the workspace level and on individual databases and tables.
For more information about how users and roles affect your billing, see this support article.
Admins can invite new members to a workspace and assign default roles that members should have upon joining the workspace. When new members are invited to a workspace, they will have access to the entire workspace at the default role assigned to them.
Admins can further restrict access by adding members to a Team and assigning access to the team. Members within the team will have access to workspaces, databases and tables at the role level assigned to the team.
Note 💡: To assign the Team default role to members of a specific team, set the default roles of all Members to “No Role” at the workspace level. If you set the Members’ default role at the workspace level to anything other than “No Role,” this will override and ignore their team default roles in the entire workspace.
Member roles take priority over team roles. A workspace member who is explicitly assigned a role on a workspace, database or table will get that exact role, regardless of the default roles of the teams to which they belong.
If you’re looking for something else, please feel free to make recommendations or ask us questions in our online community—we’re ready to assist you!