Workspace Roles
The Workspace Roles & Permissions designer is where administrators decide what members can do inside a workspace — actions on documents such as download, upload, edit, sign, comment, review, publish, share, and delete. It comes with a set of ready-made built-in roles and lets you create your own custom roles to match how your organisation works.
How to open this screen
From the left navigation, open Administration → Workspace Roles. The application route is
/configuration/workspace-roles.
- Access required: You need the
ROLES.VIEWpermission.
Workspace roles are not system roles. Workspace roles control what a member can do with documents inside a workspace. System roles control which application screens a user can open — manage those on the System Roles page.
What you see on this screen
Built-in roles
A row of cards shows the roles that ship with DocLock. Each card has a coloured avatar, the role name, and the number of permissions it grants. Built-in roles are marked Built-in and are read-only — you can view their permissions but not change or delete them:
| Built-in role | What it can do |
|---|---|
| Owner | Full control — manage members, settings, and delete the workspace. |
| Manager | All content operations plus member management. Cannot delete the workspace. |
| Editor | Upload, edit, publish, share, and organise documents. |
| Reviewer | Review and approve documents in workflows, comment, and download. |
| Commenter | View documents, leave comments, and download files. |
| Viewer | View and download documents — read-only access. |
Custom roles
Below the built-in cards is the Custom roles section, showing any roles your organisation has created. Custom cards have Edit and Delete buttons. If none exist yet, an empty card invites you to create one.
Permission detail panel
Click any role card to open the detail panel underneath. It lists every action — grouped into Documents, Collaboration, Administration, and AI Tools — and shows each one as Allowed or Denied for the selected role. Actions that are risky (such as Delete Documents, Archive / Restore, Delete Workspace, and Privacy Guard) are flagged with a warning icon.
Creating a custom workspace role
- Click New Role in the top-right.
- In the dialog, enter:
- Role name (required) — for example Uploader, Signer, or Archive Viewer.
- Description (optional) — who the role is for.
- Role colour — pick a swatch used for the role's avatar.
- Tick the permissions you want to grant. Permissions are grouped into Documents, Collaboration, Administration, and AI Tools, and each group has a Select all / Deselect all shortcut.
- The footer shows a running count of how many permissions you've selected.
- Click Create Role.
The Create Role button stays disabled until you enter a role name.
Editing or deleting a custom role
- To edit, click the pencil button on a custom role card (or Edit Permissions in the detail panel). The dialog reopens pre-filled so you can change the name, description, colour, or permission selections, then Save Changes.
- To delete, click the trash button on a custom role card and confirm. Built-in roles cannot be edited or deleted.
The permission groups
| Group | Examples of actions |
|---|---|
| Documents | Download, Create Document, Upload New Version, Edit / Rename, Duplicate, Move / Organise, Bulk Export, Archive / Restore, Restore from Trash, Delete Documents, View Activity Log. |
| Collaboration | Sign, Start Workflow, Review / Approve, Publish, Comment, Lock / Check-out, Check In / Check Out, Share, Copy Link, Email as Attachment. |
| Administration | Manage Members, Workspace Settings, Delete Workspace. |
| AI Tools | Auto-Fill Attributes, Translate, Auto Tag, OCR, Key Points, Summarize, Add to AI KB, Convert to Audio, Privacy Guard (Sanitize). |
Tips
- Start from the closest built-in role: view its permissions, then create a custom role that adds or removes just what you need.
- Keep an eye on the warning-flagged actions — grant Delete, Archive, and Delete Workspace only to trusted roles.
- Give custom roles clear, purpose-based names (Uploader, Signer) so members understand what they allow.
Troubleshooting
| Problem | What to check |
|---|---|
| The page or menu item isn't visible | You may not have the ROLES.VIEW permission. |
| I can't edit a built-in role | Built-in roles are read-only by design. Create a custom role instead. |
| Create Role is greyed out | You must enter a role name before the button becomes active. |
| A member can open a workspace but can't perform an action | Their workspace role doesn't grant that action — assign a role that does, from within the workspace. |
| My new custom role isn't offered when assigning members | Make sure you saved it; custom roles appear after creation. |