Roles & Permissions
Every team member in a workspace has a role. Roles control what they can see and edit in the dashboard.
Role hierarchy
| Role | Description |
|---|---|
| Owner | Full access. Can manage billing, delete the workspace, and change any setting. |
| Developer | Can manage schema, deployments, API keys, and all content. Sees the developer sidebar. |
| Member | Can edit content fields marked editableBy: "member" or lower. Default role for clients. |
| Viewer | Read-only access to the dashboard. Cannot edit any content. |
Each role inherits all permissions of the roles below it.
Field-level permissions
You can restrict individual fields to specific roles using the editableBy option in your schema:
vard.define({
hero: {
title: v.string("Welcome", { editableBy: "member" }), // any member can edit
accentColor: v.color("#000", { editableBy: "developer" }), // only developers
apiEndpoint: v.string("", { editableBy: "owner" }), // only the owner
},
});A member with the member role will see title in the dashboard but not accentColor or apiEndpoint.
Assigning roles
Roles are assigned when inviting a team member (Settings → Team → Invite). You can change a member’s role at any time from the same page.
For most clients, the Member role is appropriate. Use Viewer if you want a stakeholder to review content without being able to change anything.
Recommended setup
| Person | Role |
|---|---|
| You (the developer) | Owner or Developer |
| Your client’s main contact | Member |
| Your client’s reviewers | Viewer |
Last updated on