Permissions & roles
Play uses a layered permission model with workspace roles and app-level access. Use workspace roles to control what people can do across the workspace, and use app access to control what they can do inside a specific app.
Workspace roles
Workspace roles control access across Play.
Role | What they can do |
|---|---|
Admin | Full workspace control: member management, billing, settings, building, and all workspace features. |
Member | Build apps, create co-workers, manage collections and knowledge, and access shared resources. |
App access levels
App access controls what someone can do within a specific app.
Level | What they can do |
|---|---|
Editor | Full app access: use the app, interact with data, and chat with embedded co-workers. |
Viewer | Read-only access to the app. |
How they work together
A person must be a workspace member to get Editor access to an app. The workspace role determines whether they can participate in the workspace, and the app role determines what they can do inside that app.
General access settings
Each app includes a general access setting:
Only invited team members — Explicit invites are required.
Only [workspace] team members — Everyone in the workspace can access the app.
Everyone with this link — Anyone with the link can access the app.
Group-based permissions
Groups can be used to manage access at scale. Instead of inviting people one by one, you can share apps and resources with a group so everyone in that group gets access.