Workspace security and role-based access (cloud service)

Each workspace in Structurizr is owned by a single user, which is the person who originally created the workspace. The workspace owner can share a workspace with other people, using a role-based access mechanism.

Workspace roles

There are four different roles that can be associated with users when they have access to a workspace, as indicated by a label on your dashboard.

  • Owner This is the person who owns, and originally created, the workspace. Workspace ownership can be transferred (see Help - Transferring workspace ownership).
  • Admin This is the person who has admin access to the workspace (everything the owner can do, except deleting the workspace).
  • Read/Write This allows a user to view and modify the contents of the workspace. This includes changing and saving the diagram layout, using the browser-based editor, plus uploading new versions of the workspace via the web API.
  • Read-Only This allows a user to only view the workspace. The API key/secret pair isn't accessible and diagrams are not editable.

Configuring role-based access via the web interface

Clicking the " Users" link on your workspace summary page will take you to a page that lists all of the users who have access to your workspace.

Adding a user

If you are a workspace owner, or have admin access, underneath the list of users is a form where you can add a user to the workspace.

To add a user to a workspace, enter their e-mail address, choose their role and click the Add button.

Changing a role or removing a user

When viewing the list of users who have access to your workspace, to change a user's role or remove them from the workspace, change the role in the dropdown list next to that user's e-mail address and click the Update button. Again, only the workspace owner or an administrator has the ability to do this.

Configuring role-based access via the web API

The Structurizr for Java and .NET client libraries, plus the Structurizr DSL, allow you to configure the users that should have read-write and read-only access to a workspace. It is not possible to configure admin access via the API.