Submit a ticket

Account Permissions

This feature is only available for the price plan Enterprise.

Account Permissions

Oneflow introduces a new feature for enterprise customers, allowing you to create customized administrator roles. This enables you to specify which account-level admin functions they can access.

These features are made to enhance security and control with custom administrator roles in Oneflow. Also to tailor access to match organizational needs, streamline workflows, and ensure only the necessary personnel have access to sensitive data and processes. 

How it worked in Oneflow beforeHow it works in Oneflow now
  • All administrators had access to all account functionalities.
  • Two license options: User and Administrator
  • You can now control access by assigning administrator roles to specific users.
  • One license option: Licensed user
Non-enterprise customers will only have one default administrator role that have access to all account functionalities.

New administrator tab - Account access

This new view allows you to grant account access and provides an overview of all users with access to the administrator functions.

  • Navigate to Admin > Account access.

There is a predefined system role called Administrator that cannot be edited. This role has all admin permissions. Users with the Administrator role have full access to administer the account and are marked with this specific symbol.

A user can have access to multiple account roles simultaneously, combining all their associated rights.

Account and workspaces roles

There are now two different types of access area roles with different permissions:

  • Workspace roles: These have always existed and come with 25 permissions.
  • Account roles: This is a new addition with 12 permissions.

You can create your own custom account and workspace roles.

Create a New Account Role

  1. Go to Admin > Roles > Click on + Create Role.
  2. Select the access area (workspace or account role) > Choose a role name > Create role.
  3. Click on action menu > Edit permissions > choose what permissions should be set > Confirm.

Below you will find examples on how you can utillize account permissions.

Direct and Group Access

Similar to workspaces, you can choose to grant a user an account role directly or through a group. For instance, if you have a large finance team where everyone should have  account roles X, granting group access is more efficient than assigning the role individually.

Direct Access

Provides direct account access for one user.

  • Go to Account access > Click Grant account access to user.
  • Select user > Choose account role > Grant access.

Group Access

Provides account access to a group of users.

  • Go to Account access > Click Grant account access to group.
  • Select group > Choose account role > Grant access.

Access Area

You can create roles based on two access areas: account and workspace. As mentioned they have different permissions. 

When you're in Admin > Roles, you can see which role belongs to which access area. There are three roles marked with a lock; these are predefined system roles and cannot be managed, hence the inaccessible action menu.

You can create a custom workspace role that can do all of the manager AND admin responsibilities.

New workspace permissions

There are two new workspace permissions. With these, you can give a user with account access administrative controls for individual workspaces.

These new permissions can change:

  1. The details, branding and data retention tabs. Also lets you delete empty workspaces.
  2. Add or remove access to workspaces.

Administrator Rights

Anyone with any admin rights will have view access to the Account overview tab & see the Account ID, Oneflow advisor and the plan.

Users with custom administrator access roles will see the tabs relevant to them.


Certain permissions for both "account" and "workspace" roles will allow users to view tabs in the admin view without granting them the ability to manage those tabs.

If a user has access to creating, editing, or deleting anything regarding user permissions, that user will have implicit view access to all the users, workspaces, roles, and groups tab. They will still only have be able to manage the exact tab relevant to their rights.

For example, a user who has workspace administration rights, will have implicit view access to these tabs.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.