From 382c23b3fa3629bd3c0cac68bf9a0791d8f6867c Mon Sep 17 00:00:00 2001 From: Armel Talla Date: Mon, 22 Jun 2026 16:41:23 -0700 Subject: [PATCH] docs(changelog): add access control entry for June 23, 2026 --- docs/changelog/product.mdx | 47 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/docs/changelog/product.mdx b/docs/changelog/product.mdx index a641428..26f3574 100644 --- a/docs/changelog/product.mdx +++ b/docs/changelog/product.mdx @@ -11,6 +11,53 @@ import { Separator } from '/snippets/components/separator.jsx';
+ + ## Access control + + Workspaces now have **fine-grained access control**. Every member has a + **user type** that sets their baseline access, plus **roles** that are applied + either across the whole workspace or to a single + group and its subgroups. + + + + ### User types and roles + + A member's user type sets the baseline: + + - **Owner** — full control of the workspace + - **Admin** — full administrative and application access + - **Member** — access is whatever their roles grant + + Members can then be assigned roles, at the workspace level or per group: + + - **Workspace roles** — viewer, publisher, operator, provisioner + - **Group roles** — operator, provisioner, and manager + + Every member has **viewer** access, so anyone can read the entire + workspace. Other roles only add the ability to make changes. + + [Access control documentation »](/admin/users/access-control) + + ### Managing access + + Access is editable wherever you're already working: + + - Inline from **Settings → Members** + - From a per-member access panel covering workspace and group roles + - From any group's members dialog + + Every control is permission-aware, so actions you can't perform are disabled + with a tooltip explaining why. + + [Manage group members »](/learn/groups/members) + + + ## Groups