Skip to main content
Version: 2.0.0

Workspace Settings

Managing your workspace efficiently is integral to optimizing your workflow and productivity. Within Permit, we provide intuitive tools and features designed to help you seamlessly manage your team and their access, and maintain logs of all your essential tasks.

Member management

The team management tool ensures controlled access for team members. Depending on their roles, members might modify policies through the dashboard or the API.

For workspace access control, navigate to the Settings screen and choose the Members tab.

Understanding member roles

When adding a new member into your workspace, an invitation is sent to that user. As part of the invitation, you need to specify whether the user will be assigned a Workspace Owner role or a Workspace Editor role.

  • Workspace Owner can create new roles, resources and policies. They can change workspace settings and invite new members to the workspace.
  • Workspace Editor can create new roles, resources and policies. They cannot invite or change access of other team members.

A user can have access to an entire workspace, or they can have access to individual projects and/or environments. If you want a member to have different permissions for a particular project or environment, you can invite them directly into that specific project and environment with a new role. Their workspace owner permissions will continue to remain unchanged elsewhere.

If you don't invite a user into your workspace as a member, but only invite them directly into a specific project or environment, they would only be part of those projects, and their access level will be Mixed, if its more than two projects with different access.

Let's look at an example

Shaul, one of our talented engineers, has selective access within our workspace. While he has comprehensive access to the Shopping App project as its Project Owner, encompassing all its environments, his privileges are more limited in the Internal App project, where he's an Environment Editor for just the dev environment.

Mixed Access Levels

Adding new members

You can either invite members individually or send bulk invitations to your workspace. However, currently, we can't send bulk invites with varied roles. If you want some users to be workspace owners and others to be workspace editors, you'll need to handle this in two separate invites.

Changing member roles

You can change the roles for each member, and for each project and environment they are assigned to, directly from the Members page. If a user is part of more than two projects, but not of the workspace, you can also give him access to the entire workspace, selecting either the Workspace Editor or Workspace Owner role.

Removing a member

Removing a member

By default, when you invite a new member to your workspace, they will be sent an email with a link to accept the invitation. While the invite is still pending, meaning the user has not yet accepted the invite, they will be shown as a blank user.

User Invitation Pending

If for some reason the user has not received the email, you can manually copy the invitation link and send it directly to the user. Each link is bespoke to every added user.

Removing a member

API keys

The API Keys screen lets you create and oversee your API Keys. Using these keys, you can make requests to the Permit REST API at organizational, project and environment level.

For API key management, simply navigate to the Settings on the Sidebar and click on the API Keys tab.

Organization vs Project vs Environment keys

In the hierarchy of key management, Organization Keys reside at the top, governing all organizational assets and projects. They are primarily accessible by top-level administrators, ensuring comprehensive oversight and configurations at a broad level.

One step below are the Project Keys, which are tailored to individual projects or products. These keys facilitate granular control over specific projects, and their access is typically granted to project managers and the relevant team members.

At the most specific level, Environment Keys manage distinct project phases like Development, Testing, or Production. Developers and operations teams usually manage these, adapting configurations to suit each environment's unique needs.


Environment-level API keys are automatically generated for new environments.

Creating new keys

Rotating and deleting keys

Activity Logs

The activity log screen shows the internal audit log - who did what within your workspace. This log will only show changes made via the dashboard. If you wish to see changes made via the REST API, you should check out the API log.

To view the activity log, go to the Settings screen on the Sidebar and select the Activity Log tab.

Activity log screen


Only workspace owners may view activity logs.

If you cannot see this screen, contact the workspace owner (typically the person who opened the account).

Searching and filtering activity logs

To pinpoint a particular activity in the log carried out by a team member, simply refine your search by selecting the specific date of the action and/or filtering by the individual who made the changes. This targeted approach ensures that tracking and reviewing internal operations remain both efficient and thorough, enhancing accountability within the team.

Filtering activity log

API Logs

To view the API log, go to the Settings screen on the Sidebar and select the API Log tab.

API log screen


Only workspace owners may view the API log.

If you cannot see this screen, contact the workspace owner (typically the person who opened the account).

You have the ability to delve deeper into individual API logs to examine the complete request and response details.