Pages List
List view
Getting Started
Getting Started
Product Data Management
Product Data Management
CAD Collaboration
CAD Collaboration
Workflows
Workflows
Pricing and Billing
Pricing and Billing
Help & Support
Help & Support
Understanding Roles and Permissions
Proper access control is essential for secure collaboration in CAD ROOMS. Understanding roles and permissions helps you protect sensitive designs, enable effective teamwork, and maintain control over who can do what in your workspaces and projects.
CAD ROOMSβ role-based permission model gives you precise control over:
- Who can access your workspace
- Who can work on which projects
- Who can view, modify, or approve engineering data
By assigning the right roles at the right level, you can collaborate confidentlyβwithout sacrificing security or control.
Access Control Overview
CAD ROOMS uses a role-based access control system with permissions at two levels:
- Workspace Level - Control access to the workspace itself, including projects, members, and billing.
- Project Level - Control what users can do inside a specific project, such as working with files, ECOs, and collaboration tools.
These two levels are intentionally separated to reduce the risk of accidental access escalation and to support secure collaboration with both internal and external users.
Workspace-Level Permission Comparison
Workspace roles determine who can manage the workspace as a whole.
Workspace-level permissions control access to the workspace itself, including projects, members, and billing.
Capability | Owner | Admin | Member |
Access workspace | β
| β
| β
|
Create projects | β
| β
| β |
Delete projects | β
| β
| β |
Manage workspace members | β
| β
| β |
Assign workspace roles | β
| β
| β |
Access workspace settings | β
| β οΈ | β |
Manage subscription | β
| β οΈ | β |
Manage payment methods | β
| β | β |
View workspace activity / audit logs | β
| β
| β |
Β
Notes
- β οΈ Certain billing and payment actions are restricted to Workspace Owners only.
- Workspace Members must be invited to projects separately to gain project access
Project-Level Permission Comparison
Capability | Project Admin | Project Collaborator | Project Viewer |
View project files | β
| β
| β
|
Download files | β
| β
| β
* |
Use CAD Viewer | β
| β
| β
|
Add comments / annotations | β
| β
| β
|
Check out files | β
| β
| β |
Upload files | β
| β
| β |
Contribute changes | β
| β
| β |
Replace files | β
| β
| β |
Delete files | β
| β οΈ | β |
Create ECOs | β
| β
| β |
Approve ECOs | β
| β οΈ | β |
Add project members | β
| β | β |
Remove project members | β
| β | β |
Β
Notes
- β οΈ Project Admins can add or remove project members, but cannot add new users to the workspace. Adding users to the workspace is a workspace-level permission.
- ECO approval permissions can be configured per project
- Downloads can be restricted by workspace or project settings
Workspace-Level vs. Project-Level Permissions
Level | Controls |
Workspace | Projects, members, billing, settings |
Project | Files, ECOs, collaboration, CAD actions |
Keeping these levels separate ensures:
- Better security
- Clear responsibility boundaries
- Safe collaboration with external parties
Guest Access
Guest access is not a workspace or project role. Guests receive file-level, read-only access through file sharing and do not consume workspace seats. Their access is limited strictly to the files that have been explicitly shared with them.
Guest access is ideal for external reviews, short-term collaboration, or stakeholders who need visibility without accessing projects or internal workspace data.
To learn how to share files with external users and how invitations work, see: Secure External Collaboration with Guest Sharing
Guest access is ideal for external reviews, short-term collaboration, or stakeholders who need visibility without accessing projects or internal workspace data.
To learn how to share files with external users and how invitations work, see: Secure External Collaboration with Guest Sharing
Best Practices
Use the following guidelines to assign roles securely and efficiently:
- Follow the principle of least privilege: start with the lowest level of access required and upgrade only when necessary.
- Assign Workspace Admin roles sparingly to reduce the risk of accidental changes to projects, members, or billing.
- Use Workspace Members for internal team members who actively work across projects.
- Use Guests for external users who only need access to specific files, instead of adding them to the workspace.
- Review project and workspace access regularly, and remove permissions when responsibilities change or collaboration ends.
- For sensitive projects, limit access to essential users and prefer Viewer roles whenever possible.
Common Permission Scenarios
Internal Engineering Team
- Engineering Manager β Workspace Admin
- Engineers β Workspace Members + Project Collaborators
- Result: Full productivity without administrative risk
Client Design Review
- Client users β Project Viewers
- Result: Clear visibility, no modification risk
Manufacturing Partner
- Partner β Project Viewer (download enabled)
- Result: Access to production files only
External Consultant
- Consultant β Project Collaborator (single project)
- Result: Can contribute without seeing other projects
Related Articles
Β
Understanding Roles and PermissionsAccess Control OverviewWorkspace-Level Permission ComparisonProject-Level Permission ComparisonWorkspace-Level vs. Project-Level PermissionsGuest AccessBest PracticesCommon Permission ScenariosInternal Engineering TeamClient Design ReviewManufacturing PartnerExternal ConsultantRelated Articles
Β
Β
Β
Β
Β
Β
Β
Β
Β