Admin Controls
Admin controls let workspace owners and admins configure policies that govern how members interact with the workspace. These settings are found in Settings → Policies and apply to all members. For authentication and session policies, see Security & SSO.
Member Invite Policy
Controls who can send invitations to bring new members into the workspace.
Invite Permissions
Only the workspace owner can invite new members. Best for tightly controlled workspaces.
Admins and the owner can invite new members. This is the default setting.
Any workspace member can invite others. Useful for open teams where rapid onboarding is preferred.
Guest Access
Enable or disable guest access for the workspace. When enabled, external collaborators can be invited with limited permissions. When disabled, only full members can access the workspace.
Toggle Guest Access
Guests have restricted access and cannot modify workspace settings, manage members, or access billing. Toggle this setting on or off from the admin controls panel.
External Sharing Policy
Controls who can create share links to make posts accessible to people outside the workspace.
Sharing Permissions
No one can create share links. All external sharing is blocked. Existing share links continue to work until they expire or are revoked.
Only admins and the workspace owner can create share links. Regular members cannot share posts externally.
Any workspace member can create share links for posts they have access to.
Project Creation Policy
Controls who can create new projects in the workspace.
Creation Permissions
Only admins and the workspace owner can create new projects. This keeps the project structure controlled and organized.
Any workspace member can create projects. Suitable for teams where members self-organize their work.
Data Export Policy
Controls who can export workspace data such as posts, comments, and project information.
Export Permissions
Data export is disabled for all users. No one can export workspace data.
Only admins and the workspace owner can export data. Recommended for workspaces with sensitive information.
Any workspace member can export data they have access to.
Developer Access Policies
Controls who can create API keys and webhooks for the workspace, and which scopes those keys are allowed to request. For more about API authentication, see Security & SSO.
Creation Policies
No one can create new API keys or webhooks for that capability. Existing resources continue to work until they are revoked.
Only the workspace owner can create new developer credentials.
Admins and the workspace owner can create new keys and webhooks. This is the most controlled shared setting.
Any workspace member except viewers can create new keys or webhooks, while still managing only the resources they own.
Scope Allowlist
Workspace admins and owners can allow or block individual API scopes such as projects, posts, tasks, media, audit logs, and webhooks.
Write access automatically includes read access for the same resource, so the allowlist is stored as an effective permission set rather than a write-only matrix.
New keys and rotated keys must stay inside the current allowlist. Invalid or unknown scope requests are rejected instead of being partially accepted. Existing keys are not silently rewritten when the allowlist changes.
The Developers page offers preset bundles like read-only, content automation, project/task automation, and full workspace access based on the scopes currently allowed.
Ownership & Rotation
Members can create, rotate, revoke, and edit only the API keys and webhooks they created. Admins and owners can manage all workspace developer resources. The Developers page includes rename/edit actions, preserves creator attribution for admins, and rotating a key creates a replacement with the same name, scopes, and expiration, then revokes the previous key immediately.
Access & Permissions
Who Can Modify
Only workspace owners and admins can view and modify admin controls. Regular members and viewers do not have access to these settings.
Audit Trail
All changes to admin controls are recorded in the workspace audit log, including who made the change and when. See Security & SSO for details.