Member & Permission Management

Firstage uses a Role-Based Access Control (RBAC) system to manage team member permissions granularly. Assign appropriate roles to each team member to create a secure and efficient collaborative environment.

Role Hierarchy

Firstage’s 5 roles follow this hierarchy:

Owner (Highest Permission)
  ├── Admin (Administrator Permission)
    ├── Manager (Limited Administrative Permission)
      ├── Member (Basic User Permission)
        └── Viewer (Read-Only)

Detailed Role Descriptions

Owner (Workspace Owner)

Permission: WORKSPACE/MANAGE - All workspace permissions

Owner has the WORKSPACE/MANAGE permission, which automatically includes all permissions within the workspace. This is the highest permission that serves as the foundation for all other roles.

Owners can perform all actions within the workspace, including:

Use Cases:

• Workspace founder
• Account manager

Admin (Administrator)

Permission: All permissions except Owner privileges

Admins can perform almost all administrative tasks in the workspace:

Use Cases:

• Team leader
• Content director
• Marketing manager

Manager (Manager - Limited Permissions)

Permission: Content and limited team management permissions

Managers can handle day-to-day content operations and limited team management:

Use Cases:

• Team coordinator
• Content editor
• Project manager

Member (Team Member - Basic User)

Permission: Content creation and basic functionality

Members can focus on their primary task of content creation and publication:

Use Cases:

• Content creator
• Social media operator
• Marketing staff

Viewer (Viewer - Read-Only)

Permission: Read-only access

Viewers can only view all information in the workspace:

Use Cases:

• Stakeholder
• Consultant
• Audit purposes

Managing Member List

Viewing Member List

On the “Settings > Members” page, you can see all workspace members:

Information available in the list:

• Name: Team member’s name (set in account information)
• Email: Team member’s email
• Role: Currently assigned role
• Status: Active, Pending, Inactive
• Join Date: Date joined the workspace

Searching and Filtering Members

You can find members using these methods:

• Search: Search by member name or email
• Filter by Role: Filter by Owner, Admin, Manager, Member, Viewer
• Filter by Status: Filter by Active, Pending, Inactive

Managing Member Roles

Changing Roles

To change a team member’s role:

Removing Team Members

To remove a team member from the workspace:

Resending Invitations

To resend an invitation email to a member with Pending status:

1. Find the member with Pending status in the members list
2. Click the menu button (…)
3. Select “Resend Invitation”
4. Confirm and the invitation email will be sent again

WORKSPACE/MANAGE - Highest Permission

Owner’s Core: WORKSPACE/MANAGE

The most important permission in Firstage’s permission system is WORKSPACE/MANAGE:

Difference from Other Roles

Owner (Has WORKSPACE/MANAGE):

All permissions automatically included → No restrictions

Admin, Manager, Member, Viewer (Has only specific permissions):

Only assigned permissions available → Detailed permission checks required

How It Works

// Owner with WORKSPACE/MANAGE
if (user.permissions.includes('WORKSPACE/MANAGE')) {
  // All permission checks automatically pass
  // WORKSPACE_CONTENT/CREATE? → Pass
  // WORKSPACE_MEMBER/DELETE? → Pass
  // WORKSPACE_BILLING/MANAGE? → Pass
  // All actions allowed
}
 
// Other roles without WORKSPACE/MANAGE
if (!user.permissions.includes('WORKSPACE/MANAGE')) {
  // Individual permission check for each action
  // Check WORKSPACE_CONTENT/CREATE → Required
  // Check WORKSPACE_CONTENT/DELETE → Required
  // Check WORKSPACE_MEMBER/DELETE → Required
  // Only specified permissions allowed
}

Understanding the Permission System

23 Permission Categories

Firstage uses 23 permission categories for granular permission management:

Permission Action Types

Within each category, these action permissions exist:

• MANAGE: All permissions for that area (create, edit, delete, view)
• CREATE: Create new items
• UPDATE: Edit existing items
• DELETE: Delete items
• READ: View items

Permission Management Best Practices

1. Principle of Least Privilege

Grant team members only the minimum permissions they need:

• ✅ Members who only create content → Member role
• ✅ When team management is needed → Manager or Admin role
• ✅ When only viewing is needed → Viewer role
• ❌ Granting Owner permissions to everyone

2. Regular Permission Reviews

Review permissions in these situations:

• Team member job title changes
• Project completion
• Team member departure
• Quarterly regular reviews

3. Monitoring and Auditing

Track important actions:

• Monitor Owner activities
• Check permission change history
• Regular access reviews

Frequently Asked Questions

Q: I accidentally changed a team member’s permissions.

A: You can correct it again. Select the correct role and click the change button. Previous permissions will be automatically removed.

Q: Can I assign multiple roles simultaneously?

A: No, each team member can have only one role at a time. You can change it later if needed.

Q: Can I remove the last Owner?

A: No, a workspace must always maintain at least 1 Owner. You must assign another team member as Owner before changing your own role.

Q: Does it take time for new permissions to apply after changing roles?

A: No, permission changes apply immediately. Team members can use new permissions right away without logging in again.

Q: Can I selectively grant specific permissions?

A: Currently, permissions can only be granted through 5 predefined roles. Custom role features will be added in future updates.

Next Steps

• Team Invitation Guide
• Workspace Creation & Settings