Permissions give you control over the actions that users within a team can perform on the API endpoints. For this case, users are assigned to roles. In fact, every user is in exactly one role which defines their access rights. Teams can have multiple roles.

Certain actions require the special admin permission flag. To ensure every team has at least one administrator, the last user in the admin role cannot be removed from the role.

To change the permissions for a user you can either

  • change the permission set of the current role
  • or move the user to another role

Global roles define the global permissions for a user. Furthermore, project roles allow you to give users special permissions on a project member basis. The permissions regarding project roles are not directly linked to the user, but are assigned in combination with a project membership. You grant a certain set of additional permissions to a user that is assigned to a certain project role in a project. These permissions are only valid for that particular project.


Permissions are a highly sensitive area in awork. Therefore only users with administration access or team-manage-config feature can edit permissions.

If you want to try out these endpoints, click the following button and get all the endpoints as a collection for Postman.