Restrict or revoke access to projects#
In the project settings, you can control the privacy level and manage user roles:
- Details & privacy: Set the project privacy (Public, Workspace, or Private)
- People: Manage the access of individual workspace members.
Restricting access to a project#
If your plan includes project-level access control, you can set a project to Private and manage users individually. Otherwise, you need to completely remove a user from your workspace in order to remove their access.
If you make a project public, you can still show it to anyone on the internet as if they had the "viewer" role.
Revoking access#
Removing a project owner#
Even if you remove an owner from a project, workspace admins retain ownership.
Admins are always owners
Workspace admins are automatically owners of all projects in the workspace.
The logged metadata is not affected even if an owner is removed from the project.
Removing a service account#
You can remove service accounts from any project in your workspace. Service accounts can only access projects that they are explicitly assigned to.
You can also disable a service account completely in the workspace settings, which ensures that it can no longer use its previous API token to perform any actions.
- To manage a service account's access to a project, navigate to the project settings → :ui-service-accounts: Service accounts.
- To disable a service account or reset its API token, go to the workspace settings in the top-left corner and select Service accounts.
Enabling public projects#
Public projects can be seen by anyone, including unregistered users. By default, the ability to create public projects is disabled.
Workspace admins can enable public projects in the workspace settings. After this, members have the option of setting the privacy of new or existing projects to Public.
Related
- Learn more about roles and permissions: User roles overview
- Enable public projects
- Change project privacy
- Service accounts
- Reset your API token
- Self-hosted ≫ Adding users