Can a user have different roles in different projects?

Yes. Set a workspace-level baseline and override per project. Most-permissive role wins.

What's the difference between Analyst and Editor?

Editor can change shared assets (templates, alerts, projects). Analyst can run analyses and comment but cannot mutate shared assets.

How is Owner transferred?

Settings > Team > Transfer Ownership. Requires confirmation from both the current Owner and the recipient.

Yes, on Enterprise. Workexe is SCIM 2.0 compliant and integrates with Okta, Azure AD, and JumpCloud.

User Roles and Team Management, RBAC for Agencies and In-House SEO Teams

Workexe uses role-based access control (RBAC) with 5 built-in roles, workspace and project scopes, and SCIM-ready provisioning for enterprises. Set it up once and onboard new teammates in under a minute.

October 17, 20252 min read

The 5 built-in roles
Workspace vs project scope
Agency structure pattern
Time-boxed and conditional access
Auditing access changes
Overview
Step-by-step setup
Advanced tips
Frequently Asked Questions

The 5 built-in roles

Roles are designed to map cleanly to typical agency and in-house structures. Custom roles are available on Enterprise.

Owner, full control + billing + workspace deletion (1 per workspace, transferable)
Admin, manage members + integrations + billing (multiple allowed)
Editor, create/edit projects, run audits, edit reports, no billing
Analyst, run analyses + comment, cannot edit shared assets
Client Viewer, read-only access to assigned projects only

Workspace vs project scope

Roles apply at two levels. Workspace-level grants apply everywhere; project-level grants are restricted to listed projects.

Workspace Admin sees all projects in the workspace
Project Editor sees only the projects they are assigned to
A user can be Admin in one workspace and Client Viewer in another
Project-scoped roles are ideal for freelancer and external auditor access

Agency structure pattern

The common agency setup, one workspace per agency, separate projects per client, Client Viewers scoped to their own project only.

Agency staff: Admin or Editor on the workspace
Senior strategist: Editor scoped to assigned client projects
Client contact: Client Viewer scoped to their single project
Freelance specialist: Analyst on specific projects, time-boxed

Time-boxed and conditional access

On Standard and above, you can set expiry dates on invitations and roles, useful for contractors and temporary auditors.

Auto-revoke after N days (default 90 for external invites)
Restrict by IP allowlist (Enterprise)
Require SSO for specific roles (Enterprise)

Auditing access changes

Every role change is logged in the workspace audit log with actor, target, before/after, and timestamp.

12-month retention on Standard, unlimited on Enterprise
Filter by user, role, project, or date range
Exportable as CSV for compliance reviews (SOC 2, ISO 27001)

user roles and team management, rbac for agencies and in-house seo teams daily rhythm

1
Morning Review
Scan overnight alerts on one dashboard screen.
2
Assign Alerts
Share user roles and team management, rbac for agencies and in-house seo teams tasks with owners and due dates.
3
Explore Trends
Use weekly filters to spot drops or quick wins.
4
Automate
Schedule PDF, Slack or email triggers.

User Roles and Team Management, RBAC for Agencies and In-House SEO Teams

The 5 built-in roles

Workspace vs project scope

Agency structure pattern

Time-boxed and conditional access

Auditing access changes

Frequently Asked Questions

Can a user have different roles in different projects?

What's the difference between Analyst and Editor?

How is Owner transferred?

Is SCIM supported?