Workspace Role-Based Access Control

Getting Started

What is role-based access control (RBAC) in Arcade?

Role-based access control (RBAC) allows you to assign different roles and permissions to members of your Arcade workspace and teams. This gives you control over who can view, edit, publish, or manage billing.

Where do I manage roles?

• At the workspace level: Go to the top-left workspace selector → Settings → Members.

• At the team level: Under the workspace, select the team menu → Members.

• At the individual Arcade level

Roles

What roles are available in Arcade?

• Owner: Full control, including billing and user management. One per workspace.

• Admin: Full access over Arcades, settings, themes, and billing.

• Editor: Can create, edit, and publish Arcades. Cannot access billing.

• Collaborator: Can create and edit Arcades. Requires admin approval to publish.

• Viewer: Can view Arcades and Insights. Cannot edit or share. For every two paid seats, you will get one viewer seat.

• Billing user: Can manage billing. One per workspace.

Which roles are paid vs free?

• Admins, editors, and collaborators are paid seats.

• Viewers and billing users are free.

How many free viewers can I have?

You can have up to half as many viewers as you have paid seats. This means if you have 10 paid seats, you will have 5 viewers. If you need more, contact your account executive or customer success manager.

How many billing users can I have?

You can have one billing user per workspace.

Workspace vs Team Roles

What’s the difference between workspace roles and team roles?

• Workspace roles apply across your entire Arcade workspace.

• Team roles let you assign different permissions for a specific team.

For example, someone could be an Admin at the workspace level but only a Viewer in a sensitive team folder.

Are billing users available at the team level?

No. Billing roles exist only at the workspace level.

Can free roles exist at the team level?

• If someone is a free user at the workspace level, they must remain free in all teams.

• If someone is a paid user at the workspace level, they can be assigned either paid or free roles within teams.

Permissions

Who can view an Arcade?

All roles: Owner, admin, editor, collaborator, viewer, and billing user.

Who can create an Arcade?

Admins, editors, and collaborators.

Who can edit an Arcade?

Admins, editors, and collaborators.

Who can publish an Arcade?

Admins and editors.

Who can approve publishing for a collaborator?

Only admins.

Who can delete an Arcade?

Admins, editors, and collaborators.

Who can comment on an Arcade?

All roles can comment.

Who can move an Arcade between folders or teams?

Admins, editors, and collaborators.

Who can invite other users?

• Everyone can invite viewers.

• Only admins can invite paid roles (admins, editors, collaborators).

Who can manage a team?

Only the team admin.

Who can view Insights?

All roles.

Who can manage billing?

Admins and billing users.

Who can manage the workspace?

Admins and the owner.

Billing & Enterprise

How does billing work with RBAC?

• Paid roles (admins, editors, collaborators) count toward your seat total.

• Free roles (viewers, billing users) do not count against paid seats, but are capped.

What if I need more viewers or custom role setup?

Contact your account executive or customer success manager to discuss additional seats or enterprise controls.

When should I use Arcade-level RBAC vs workspace-level RBAC?

Use Arcade-level RBAC when you want to control access to a specific Arcade without changing permissions across your entire workspace.

Common use cases:

• Sharing a single Arcade with an external partner or client

• Collaborating on one Arcade with someone who doesn’t need full workspace access

• Granting edit access to a specific Arcade while keeping the rest of your workspace restricted

• Making an Arcade public for viewing while limiting who can edit it

Use workspace-level RBAC when you want to control access across all Arcades in your workspace.

Common use cases:

• Adding or removing full team members (from the workspace)

• Controlling who can create, edit, or manage Arcades by default

• Applying consistent permissions across multiple projects

• Managing long-term access for internal teams

How they work together

Arcade-level RBAC and workspace-level RBAC are designed to work together:

• Workspace-level RBAC defines baseline access

• Arcade-level RBAC allows fine-grained control for individual Arcades (and is geared towards external collaboration as well).

This combination lets teams collaborate flexibly while maintaining clear boundaries and predictable billing.

Example Use Cases

When should I use RBAC?

• Limit access to sensitive teams (for example, a fundraising folder where only a few members are collaborators).

• Allow executives to be billing users without paying for editing rights.

• Assign viewers for customer-facing teams so they can see Arcades without editing.

• Set collaborators for junior team members who can create Arcades but need admin approval to publish.