DocsBaserow role levels and permissions
Baserow offers permission roles that control what members can do with workspaces, databases, and tables, from full administrative control to read-only access.
This guide covers the actions each role can perform at the workspace, database, and table levels.
Paid feature: Role-based permissions are available on Baserow Advanced and Enterprise plans. View pricing details.
Overview
Roles determine specific capabilities: who can invite members, create databases, edit data, or simply view content. You assign these roles at the workspace, database, and table levels, with more specific assignments overriding broader ones.
The workspace creator automatically becomes a workspace Admin. Workspaces can have multiple Admins. Learn about roles available in Baserow.
When you invite members to a workspace, you select their initial role. Workspace admins can modify these roles at any time to adjust permissions as the team’s needs evolve.
Role comparison at a glance
Baserow’s role-based permissions let you precisely control user access, ensuring data security and proper team collaboration. Each role inherits the permissions of the one below it, creating a clear hierarchy of access.
This table provides a quick comparison of the default role-based permission levels available in Baserow.
| Role | Access Level | Key Responsibilities & Permissions |
|---|---|---|
| Admin | Full Control | Has all Builder permissions + manages workspace members, roles, and billing. |
| Builder | Structure & App Building | Has all Editor permissions + creates/deletes databases, tables, fields, views, and applications. |
| Editor | Data Management | Has all Commenter permissions + creates, edits, and deletes rows and updates cell values. |
| Commenter | Feedback & Collaboration | Has all Viewer permissions + adds comments to rows. |
| Viewer | Read-Only | Can view data in assigned workspaces, databases, or tables. Cannot make any changes. |
Admins at any level can remove access from each other. For example, a database Admin can create a private database by setting “No Access” for workspace Admins. A table Admin can restrict a table from database Admins. This enables granular control over sensitive data.
For how roles interact when assigned at multiple levels, see Understanding role hierarchy.
Workspace-level role capabilities
When a member is assigned a role at the workspace level, these permissions apply to every database, application, automation, dashboard and table in the workspace unless overridden at the database or table level.
| Admin | Builder | Editor | Commenter | Viewer | |
|---|---|---|---|---|---|
| Invite members to workspace | ✓ | ||||
| Manage member roles | ✓ | ||||
| Remove member access | ✓ | ||||
| Delete workspace | ✓ | ||||
| Rename workspace | ✓ | ||||
| Access workspace settings and audit log | ✓ | ||||
| Add new Baserow builders and tables | ✓ | ✓ | |||
| View workspace trash | ✓ | ✓ | |||
| Access all Baserow builders | ✓ | ✓ | ✓ | ✓ | ✓ |
Only workspace Admins can manage workspace-wide membership. Database or table Admins cannot invite members to a workspace; they can only manage access of existing workspace members at their assigned level.
Learn how to assign workspace-level roles.
Database-level role capabilities
Database-level roles apply to all tables within that specific database unless overridden at the table level.
| Admin | Builder | Editor | Commenter | Viewer | |
|---|---|---|---|---|---|
| Manage member roles on database | ✓ | ||||
| Remove database access | ✓ | ||||
| Create snapshots | ✓ | ||||
| Rename, duplicate, delete database | ✓ | ✓ | |||
| View database trash | ✓ | ✓ | |||
| Create new tables in database | ✓ | ✓ | |||
| Access all tables in database | ✓ | ✓ | ✓ | ✓ | ✓ |
Database Admins can make a database private by removing access for other members (even workspace Admins), unless those members have explicit access at the table level.
Learn how to assign database-level roles.
Table-level role capabilities
Table-level roles apply to a specific table only.
| Admin | Builder | Editor | Commenter | Viewer | |
|---|---|---|---|---|---|
| Manage member roles on table | ✓ | ||||
| Remove table access | ✓ | ||||
| Rename, duplicate, delete table | ✓ | ✓ | |||
| Create, rename, delete fields | ✓ | ✓ | |||
| Reorder fields | ✓ | ✓ | |||
| Edit the table structure (Update field metadata, filters) | ✓ | ✓ | |||
| Create, edit, delete collaborative views | ✓ | ✓ | |||
| Create webhooks | ✓ | ✓ | |||
| Generate public share links | ✓ | ✓ | |||
| Create, update, delete rows | ✓ | ✓ | ✓ | ||
| Update cell values | ✓ | ✓ | ✓ | ||
| Add comments to rows | ✓ | ✓ | ✓ | ✓ | |
| View and export table data | ✓ | ✓ | ✓ | ✓ | ✓ |
Table Admins can restrict access from higher-level Admins by setting “No Access” role at the table level; useful for sensitive data like salary tables.
Learn how to assign table-level roles.
Understanding the “No Role” setting
Assigning “No Role” to a workspace member means they have zero default access. This is useful for implementing a strict, zero-trust security model.
A member with “No Role” can only see or interact with content if they are:
- Added to a team that has been granted specific roles on a database or table.
- Given explicit, individual roles on a specific database or table.
This allows you to grant access on a granular, need-to-know basis without granting broad workspace-wide permissions.
Learn more about using “No Role” strategically.
Frequently asked questions
Can a Viewer ever edit data?
No. Viewers have read-only access at their assigned level. To enable editing, change their role to Editor or higher.
What’s the difference between Builder and Editor?
Builders can modify table structure (fields, views) and create applications. Editors can only modify data (rows, cells) but not the structure.
Can a database Admin manage workspace members?
No. Only workspace Admins can invite, manage, or remove workspace members. Database Admins can only manage access at the database level.
If I’m a workspace Admin, can I access all tables?
Not necessarily. A database or table Admin can restrict your access by explicitly setting the “No Access” role for you at that level. Table-level roles override workspace roles.
How do I give someone permission to create databases?
Assign them the Builder or Admin role at the workspace level. Editors and below cannot create databases.
Can Commenters see all data?
Yes. Commenters have the same viewing permissions as Viewers; they just have the additional ability to add comments. They cannot edit data.
Related content
Assign roles:
- Assign roles to members at workspace level
- Assign roles to teams at workspace level
- Assign roles at database level
- Assign roles at table level
Understand the system:
Manage members:
Still need help? If you’re looking for something else, please feel free to make recommendations or ask us questions; we’re ready to assist you.
-
Contact support for questions about Baserow or help with your account