Workspace security and role-based access (cloud service)
Each workspace in Structurizr is owned by a single user, which is the person who originally created the workspace. The workspace owner can share a workspace with other people, using a role-based access mechanism.
There are four different roles that can be associated with users when they have access to a workspace, as indicated by a label on your dashboard.
- Owner This is the person who owns, and originally created, the workspace. Workspace ownership can be transferred (see below).
- Admin This is the person who has admin access to the workspace (everything the owner can do, except deleting the workspace).
- Read/Write This allows a user to view and modify the contents of the workspace. This includes changing and saving the diagram layout, using the browser-based editor, plus uploading new versions of the workspace via the web API.
- Read-Only This allows a user to only view the workspace. The API key/secret pair isn't accessible and diagrams are not editable.
Who has access to my workspace?
Your dashboard will also indicate the number of users who have access to your workspace. For example, Owner 3 indicates there are 3 users with access to the workspace.
Clicking the label will take you to a page that lists all of the users who have access to your workspace.
Configuring role-based access via the web interface
Clicking the Owner ... label will take you to a page that lists all of the users who have access to your workspace.
Adding a user
If you are a workspace owner, or have admin access, underneath the list of users is a form where you can add a user to the workspace.
To add a user to a workspace, enter their e-mail address, choose their role and click the Add button. Please note, the e-mail address must represent a registered Structurizr user.
Changing a role or removing a user
When viewing the list of users who have access to your workspace, to change a user's role or remove them from the workspace, change the role in the dropdown list next to that user's e-mail address and click the Update button. Again, only the workspace owner or an administrator has the ability to do this.
Configuring role-based access via the web API
The Structurizr for Java and .NET client libraries allow you to configure the users that should have read-write and read-only access. It is not possible to configure admin access via the API.
Transferring workspace ownership
When viewing the list of users who have access to your workspace, you can also transfer the workspace to another Structurizr user. Please note that the features available for the workspace are based upon the subscription level of the owner, and are not associated with the workspace itself.