Workspace Roles

Every person in a workspace has a role, and that role decides exactly what they can do there — from simply viewing files all the way up to deleting the entire workspace. Roles are how DocLock keeps the right people able to work while protecting documents from accidental or unwanted changes.

This page explains the built-in roles, what each one can do, and how administrators can create custom roles. You can view the full role catalog on the Workspace Roles & Permissions screen.

Workspace Roles & Permissions overview

How to open this screen

From the left navigation menu, open Configuration → Workspace Roles.

Route: configuration/workspace-roles
Access required: This is an administrative screen for designing roles. Most users simply have a role; only administrators manage the role definitions here.

Good to know: Workspace roles are separate from system roles. A workspace role controls what you can do inside a workspace (actions on documents); a system role controls which parts of the application you can open. This screen links across to Manage System Roles for the latter.

The six built-in roles

DocLock ships with six built-in roles, listed here from most to least powerful. Each role inherits everything the role below it can do and adds more on top.

Role	What they can do
Owner	Full control. Everything a Manager can do, plus deleting the workspace itself.
Manager	All content operations plus managing members (invite, remove, change roles), changing workspace settings, deleting and archiving documents. Cannot delete the workspace.
Editor	Upload and edit documents, upload new versions, publish, share, move/organize, duplicate, export, start workflows, restore from trash, and use the AI tools — on top of everything a Reviewer can do.
Reviewer	Review and approve documents in workflows, sign, lock/check-out, copy links, and email as attachment — on top of everything a Commenter can do.
Commenter	View, download, and add comments — on top of what a Viewer can do.
Viewer	View and download only. Read-only access; cannot change anything.

Built-in role cards

How "inheritance" works

Because each role builds on the one beneath it, you can think of it as a ladder: a Viewer can download; a Commenter can do that and comment; a Reviewer can do all of that and approve and sign; an Editor can do all of that and upload and edit; a Manager adds member and settings management; and an Owner adds the ability to delete the whole workspace.

Note: You may see other words like "Maintainer" or "Publisher" used loosely as job descriptions in some workspace member lists, but the actual roles the system enforces are the six above: Owner, Manager, Editor, Reviewer, Commenter, Viewer.

What each role can actually do (by area)

On the Workspace Roles & Permissions screen, every role card shows a permission count, and the underlying actions are grouped into four areas:

Documents — Download, Create (upload), Upload New Version, Edit/Rename, Duplicate, Move/Organize, Bulk Export, Archive/Restore, Restore from Trash, Delete, and View Activity Log.
Collaboration — Sign, Start Workflow, Review/Approve, Publish, Comment, Lock/Check-out, Check In/Out, Share, Copy Link, and Email as Attachment.
Administration — Manage Members, Workspace Settings, and Delete Workspace.
AI Tools — Auto-Fill Attributes, Translate, Auto Tag, OCR, Key Points, Summarize, Add to AI Knowledge Base, Convert to Audio, and Privacy Guard (Sanitize).

Some actions are marked as dangerous (such as Delete Documents, Delete Workspace, Archive, and Privacy Guard) because they remove or permanently alter content.

Built-in vs. custom roles

Built-in roles are provided by the system and are read-only — they can't be edited or deleted, so their meaning stays consistent everywhere.
Custom roles are created by your organization to match how your teams actually work. They're fully editable. (For example, an "Uploader" role that can only view and upload, or a "Signer" role that can comment, lock, and review.)

Creating a custom role

On the Workspace Roles & Permissions screen, click New Role.
Give the role a name and a short description of what it's for.
Tick the permissions you want the role to have, choosing from the Documents, Collaboration, Administration, and AI Tools groups.
Save the role. It then appears in the Custom roles section and can be assigned to members in any workspace.

Create custom role dialog

How roles get assigned

You don't set your own role — a workspace Owner or Manager assigns it:

They open the workspace and go to the Members tab.
They click Invite Member (to add you) or the pencil next to your name (to change your role).
They pick the role and save.

What you see inside a workspace reflects your role: buttons like New Document, Invite, Edit, and Delete only appear if your role includes the matching permission.

Tips

Give people the lowest role that still lets them do their job — start at Viewer or Commenter and move up only as needed.
Reserve Owner for the one or two people who should be able to delete the workspace.
Use a custom role when none of the six built-ins fits — for example, someone who should upload but never edit existing files.

Troubleshooting

Problem	What to check
You can't see a button (New Document, Invite, Edit…)	Your role doesn't include that permission; ask an Owner or Manager for a higher role.
You can't open the Workspace Roles screen	This is an admin screen; you likely don't have configuration access.
A built-in role can't be edited	That's by design — built-in roles are read-only. Create a custom role instead.
A role name like "Maintainer" doesn't appear in the designer	Only the six built-in roles (and your custom roles) are enforced; other labels are just descriptive text.

How to open this screen​

The six built-in roles​

How "inheritance" works​

What each role can actually do (by area)​

Built-in vs. custom roles​

Creating a custom role​

How roles get assigned​

Tips​

Troubleshooting​