Workspace & Access

Audience: Workspace owners and admins

HighAdvocacy uses three roles: Owner, Admin, and Member. The model is intentionally strict: one role per workspace per user, with permissions enforced on the backend, not just hidden in the UI.

Use this section when you are adding teammates or deciding who can do what.

How the role model is structured

• Owner is account-level. An account can have multiple Owners. Every Owner has implicit access to every workspace and cannot be removed from any of them. Account settings, the account user directory, workspace creation, and workspace delete are Owner-only.
• Admin is workspace-level. Admins can edit workspace settings and notifications, invite users, assign Admin or Member roles, remove users (except the Owner), and create and edit campaigns. Admins do not see account settings.
• Member is workspace-level. Members can view the workspace and approve or reject submissions, but cannot create or edit campaigns and do not see account or workspace settings.

A user can have a different role in each workspace they belong to. When a user belongs to two or more workspaces, the sidebar shows a workspace switcher at the top. Sign-in opens the most recently used workspace.

What to expect when access changes

• Role downgrade or removal mid-session is enforced on the next authorization check. The user is redirected away from any page they no longer have access to.
• Losing access to every workspace signs the user out with an access-removed message.
• Workspace delete is Owner-only, requires typing the workspace name, and is a soft delete with a 30-day restore window. Pending invites for that workspace are auto-canceled.

Related docs

• Notifications & Alerts: who can edit notification settings (Owner and Admin only)
• Campaigns: who can create and edit campaigns (Owner and Admin only)
• Troubleshooting: what to do when a page is blocked or a teammate cannot see something they expected