Permission Levels
AppFlowy uses a hierarchical permission system with two main layers: workspace roles and page permissions.Workspace Roles
Workspace roles determine base-level access within your workspace:Owner
Full administrative control over the workspace:
- Manage all workspace settings
- Add/remove members
- Upgrade subscription plans
- Delete the workspace
- Access all pages and spaces
Member
Regular team member access:
- Create and edit their own pages
- Access shared pages based on permissions
- Create spaces and organize content
- Invite other members
- Cannot manage billing or delete workspace
Guest
Limited access to specific pages:
- Access only explicitly shared pages
- Cannot see workspace structure
- Cannot invite others
- Cannot create new pages in workspace
- See Guest Editors for details
Workspace roles can be viewed and managed in Settings → Members.
Page Permissions
Page-level permissions control what collaborators can do on specific pages:Can View
Read-only access to the page:
- Read all content and comments
- View page history
- Export the page
- See mentions and references
- Cannot make any edits
- Cannot share with others
Can Edit
Full editing access to the page:
- Make any content changes
- Add, edit, and delete blocks
- Create mentions and assignments
- Modify database entries
- Change page properties
- Share the page with others (inheriting owner’s permission level)
Page permissions override workspace roles. A workspace Member with “Can View” on a specific page cannot edit it, even though they’re a full member.
Space Permissions
Spaces in AppFlowy have their own permission settings:Public Spaces
Public to All spaces are visible to everyone in the workspace:- All workspace members can see the space
- Members can view pages unless explicitly restricted
- Useful for team-wide resources and documentation
- Default setting for new spaces
Private Spaces
Private spaces restrict visibility:- Only the space creator can see it by default
- Must explicitly share pages from private spaces
- Ideal for personal work or confidential projects
- Pages can still be shared individually
Permission Inheritance
Understanding how permissions cascade:Workspace → Space → Page
- Workspace Role: Base level of access
- Space Permission: Controls visibility of the space itself
- Page Permission: Specific access level for individual pages
Permission Priority
More restrictive permissions always win:- Guest role + Can Edit permission = Can Edit (on that page only)
- Member role + Can View permission = Can View (on that page only)
- Owner role + Can View permission = Can View (owner can change it)
Page-level permissions are the most specific and always take precedence over workspace and space permissions.
Managing Permissions
Changing Workspace Roles
Only workspace owners can change member roles:Changing Page Permissions
Page owners and editors with sharing rights can update permissions:- Open the Share menu on the page
- Find the collaborator in the list
- Click the permission dropdown next to their name
- Select Can View or Can Edit
- Changes apply immediately
Bulk Permission Management
Added in version 0.9.8, you can bulk add collaborators:Permission Use Cases
Executive Dashboard
Can View for executives who need visibility but shouldn’t edit. Can Edit for the team maintaining the dashboard.
Team Project
Can Edit for all team members. Can View for stakeholders and managers who need updates.
Client Collaboration
Invite clients as Guest Editors with Can Edit on specific project pages only.
Documentation
Public Space with Can Edit for documentation team. Can View for entire company.
Advanced Permission Scenarios
Sharing with External Collaborators
For external partners or clients:- Invite them as Guest Editors
- Share only specific pages they need access to
- Set appropriate permissions (usually Can Edit for active collaboration)
- They won’t see your workspace structure or other pages
Restricting Sensitive Content
For confidential information:- Create a Private Space for sensitive content
- Only share pages from this space with trusted individuals
- Use Can View permissions for most people
- Grant Can Edit only to those who need to update content
- Regularly audit who has access
Temporary Access
For time-limited collaboration:- Share the page with Can Edit or Can View as needed
- When the project ends, remove the collaborator from the page
- Use Settings → Members to manage pending invitations
- Check the Shared with me section to see what you’ve shared
AppFlowy doesn’t currently support time-based permission expiration, so you’ll need to manually remove access when it’s no longer needed.
Permission Auditing
View Who Has Access
To audit page access:- Open the Share menu on any page
- Review the list of collaborators
- Check their permission levels
- Remove or downgrade access as needed
Check Your Own Access
To see what’s shared with you:- Look at the Shared with me section in your sidebar
- Your permission level is indicated for each page
- You can see who shared each page with you
Workspace Member Audit
Workspace owners can audit all members:- Go to Settings → Members
- View all workspace members and their roles
- See pending invitations
- Review guest editors and their page access
Regularly auditing permissions helps maintain security and ensures only the right people have access to your content.
Best Practices
Principle of Least Privilege
Always grant the minimum permission level needed. Start with Can View and upgrade only when necessary.
Use Guests for External Collaborators
Don’t add external partners as full Members. Use Guest roles to limit their access to specific pages.
Regular Permission Reviews
Schedule quarterly reviews of who has access to sensitive pages and remove unnecessary permissions.
Troubleshooting
User Can’t Access Page
- Verify they have a workspace account (Member or Guest)
- Check they’ve been explicitly granted access to the page
- Ensure the page is in a space they can see (if Private space)
- Confirm they’ve accepted their invitation
User Can’t Edit Despite Having Permission
- Verify their permission level is Can Edit, not Can View
- Check if the page is locked (lock status overrides edit permissions)
- Ensure they’re logged in to the correct workspace
- Have them refresh the page to sync latest permissions
Can’t Change Someone’s Permissions
- Only page owners can change permissions
- Workspace role restrictions may apply (Guests can’t share)
- You may not have sharing rights yourself
Next Steps
Sharing Pages
Learn how to share pages and manage access
Guest Editors
Invite external collaborators with limited access
Real-Time Editing
Collaborate simultaneously on shared pages