Skip to main content
Docs

Manage team access

Each workspace in the Clerk Dashboard supports role-based access control to help manage what team members can see and do. When assigning roles, consider the following:

  • Which resources does this team member need access to?
  • What actions should this team member be able to perform?
  • What level of system configuration access is required?

Available roles

The following table summarizes the available roles:

RoleDescription
OwnerFull access to all resources, including workspace member management and instance keys.
AdminManage applications, instances, billing, configuration, API keys, and instance keys; can impersonate users.
DeveloperManage restrictions, view API keys and Billing, and manage configuration and API keys in development instances only; dev-only user impersonation.
SupportProvide user support with read-only access to application configuration; can impersonate users and manage restrictions.
ViewerRead-only access to configuration; least-privileged role for basic Dashboard visibility.

Important

Only the Owner and Viewer roles are available on the Hobby and Pro plans. For the Business plan, all roles are available.

Owner

The Owner role is the highest level of authority within a workspace, possessing comprehensive access and control over all settings and resources.

Key responsibilities

  • Oversee and manage all resources and applications within a workspace
  • Modify workspace settings, including Billing and member roles
  • Access and modify all applications, including their settings, API keys, and domains
  • Impersonate users and manage restrictions (allowlist, blocklist, waitlist)

Permissions

ReadManageCreateDeleteImpersonation
Applications
Instances
Configuration
Billing
Secrets
Restrictions
Users

Admin

The Admin role handles day-to-day management across applications and instances.

Key responsibilities

  • Manage applications and instances within a workspace
  • Modify workspace settings, including Billing and member roles
  • Access and modify all applications, including their settings, API keys, and domains, but cannot delete or transfer applications
  • Impersonate users and manage restrictions (allowlist, blocklist, waitlist)

Permissions

Important

Admins cannot transfer applications in addition to the permissions below.

ReadManageCreateDeleteImpersonation
Applications
Instances
Configuration
Billing
Secrets
Restrictions
Users

Developer

The Developer role focuses on technical configuration and integrations with limited production access.

Key responsibilities

  • Manage restrictions (allowlist, blocklist, waitlist)
  • View API keys and Billing information
  • Manage configuration and API keys in development instances only
  • Impersonate users in development instances only

Permissions

ReadManageCreateDeleteImpersonation
Applications
Instances
ConfigurationDev only
Billing
Secrets
Restrictions
UsersDev only

Support

The Support role provides tools to assist customers while preventing modifications to sensitive application configurations.

Key responsibilities

  • Provide direct user support and troubleshooting
  • Impersonate users for issue resolution and debugging
  • Manage restrictions (allowlist, blocklist, waitlist)

Permissions

ReadManageCreateDeleteImpersonation
Applications
Instances
Configuration
Billing
Secrets
Restrictions
Users

Viewer

The Viewer role has read-only access to configuration and workspace-level data.

Key responsibilities

  • Review configuration settings of applications
  • Review workspace-level information and configuration

Permissions

ReadManageCreateDeleteImpersonation
Applications
Instances
Configuration
Billing
Secrets
Restrictions
Users

Feedback

What did you think of this content?

Last updated on

GitHubEdit on GitHub