Permissions
Raven Docs uses a hierarchical permission model to control access to your content.
Permission Hierarchy
Permissions cascade down but can be overridden at each level.
Workspace Roles
| Role | Description |
|---|---|
| Owner | Full control, can delete workspace |
| Admin | Manage members, settings, all content |
| Editor | Create/edit content, cannot change settings |
| Viewer | Read-only access to permitted content |
Assigning Workspace Roles
- Go to Settings → Members
- Click on a member
- Select their role
- Save changes
await client.workspaces.changeMemberRole({
workspaceId: 'ws_123',
userId: 'user_456',
role: 'editor',
});
Space Permissions
Spaces can have their own permission settings:
Visibility
| Setting | Description |
|---|---|
| Public | All workspace members can access |
| Private | Only explicitly added members |
Space Roles
| Role | Permissions |
|---|---|
| Admin | Full control of space, manage members |
| Editor | Create/edit pages in this space |
| Viewer | Read-only access to this space |
Setting Space Permissions
// Make space private
await client.spaces.update({
workspaceId: 'ws_123',
spaceId: 'space_456',
visibility: 'private',
});
// Add member to space
await client.spaces.addMember({
workspaceId: 'ws_123',
spaceId: 'space_456',
userId: 'user_789',
role: 'editor',
});
Page Permissions
Individual pages can override space permissions:
Permission Levels
- Inherit - Use space permissions (default)
- Custom - Set specific permissions for this page
Use Cases
- Private page in a public space
- Shared page in a private space
- Different access levels for specific users
await client.pages.setPermissions({
pageId: 'page_123',
workspaceId: 'ws_456',
permissions: [
{ userId: 'user_111', role: 'editor' },
{ userId: 'user_222', role: 'viewer' },
],
});
Groups
Create groups to manage permissions at scale:
Creating Groups
- Go to Settings → Groups
- Click Create Group
- Name the group (e.g., "Engineering Team")
- Add members
const group = await client.groups.create({
workspaceId: 'ws_123',
name: 'Engineering Team',
});
await client.groups.addMember({
workspaceId: 'ws_123',
groupId: 'group_456',
userId: 'user_789',
});
Assigning Group Permissions
Apply permissions to entire groups:
await client.spaces.updatePermissions({
workspaceId: 'ws_123',
spaceId: 'space_456',
targetId: 'group_789',
role: 'editor',
isGroup: true,
});
External Sharing
Share content with people outside your workspace:
Public Links
- Click Share on any page
- Enable Public Link
- Configure options:
- Password protection
- Expiration date
- Download permissions
- Copy and share the link
Guest Access
For frequent external collaborators:
- Invite as guest (limited access)
- Grant access to specific spaces
- Guests see limited UI
Security Best Practices
Principle of Least Privilege
- Start with viewer access
- Upgrade to editor only when needed
- Reserve admin for those who need it
Regular Audits
Schedule periodic permission reviews:
- Monthly: Review new members' access
- Quarterly: Audit space permissions
- Annually: Full access review
Sensitive Content
For highly sensitive information:
- Create a private space
- Limit membership explicitly
- Disable external sharing
- Enable audit logging (Enterprise)
Permission Scenarios
Scenario 1: Department Wiki
Scenario 2: Executive Documents
Scenario 3: Client Documentation
Scenario 4: Onboarding
API Reference
// Get space members
const members = await client.spaces.members({
workspaceId: 'ws_123',
spaceId: 'space_456',
});
// Update permissions
await client.spaces.updatePermissions({
workspaceId: 'ws_123',
spaceId: 'space_456',
targetId: 'user_789',
role: 'editor',
});
// Remove member
await client.spaces.removeMember({
workspaceId: 'ws_123',
spaceId: 'space_456',
userId: 'user_789',
});
Related
- Workspaces Concept - Workspace overview
- Collaboration - Sharing and teamwork
- Users API - User management API