Roles & Permissions
WorkApps apps have three roles: viewer, editor, and admin. The current user's role is returned by sdk.getBootstrap().
Role Capabilities
| Action | viewer | editor | admin |
|---|---|---|---|
| Read records | Yes | Yes | Yes |
| Create records | No | Yes | Yes |
| Update records | No | Yes | Yes |
| Delete records | No | Yes | Yes |
| Manage app settings | No | No | Yes |
Getting the Current Role
1const bootstrap = await sdk.getBootstrap();2// bootstrap.role — 'viewer' | 'editor' | 'admin'Role-Based UI
Use the role to show or hide editing controls:
1const bootstrap = await sdk.getBootstrap();2const canEdit = ['editor', 'admin'].includes(bootstrap.role);34if (canEdit) {5 document.getElementById('create-btn').style.display = 'block';6 document.getElementById('edit-btn').style.display = 'block';7}See Role-Based UI guide for more patterns.
How Roles Are Assigned
Roles are assigned by org admins in the WorkApps dashboard. Your app does not manage role assignment — WorkApps handles it.
Note: Explicit per-user grants always override the app's default access mode.
App Access Modes
Each app has an access mode that determines the default role for org members:
| Mode | Who can access | Default role |
|---|---|---|
| Open | All org members | viewer (can be elevated with an explicit grant) |
| Invite-only | Must have an explicit per-user grant | No access without a grant; admins/owners always have access |
| Private | Org admins and owners only | No access for regular members, regardless of grants |
| Open + guests | All org members plus authenticated users from allowed guest email domains | viewer |
Access mode is configured by org admins per-app in the WorkApps dashboard.
Record-level read-only (
ErrorCode.ReadOnlyRecord) is separate from app access modes — it applies when a specific record has been marked read-only regardless of the user's role.