- 19 Jan 2023
- 5 Minutes to read
- DarkLight
What are the Enterprise roles and permissions?
- Updated on 19 Jan 2023
- 5 Minutes to read
- DarkLight
With InVision Enterprise, you can assign roles and set additional permissions to refine responsibilities.
Currently, there are 4 available roles for an Enterprise organization:
- Admin: has full account access
- Manager: can invite members, create teams, and view all documents
- Contributor: can create and edit documents
- Reviewer: can be assigned documents to review
If you are an admin or manager on an Enterprise account, you can change another member's role at any time. To learn more, read Managing Enterprise members For a complete list of permissions for each role, check out the following tables.
Account access
This table specifies each role's access to other members in the organization.
Action | Admin | Manager | Contributor | Reviewer |
Access member permissions | Yes | - | - | - |
View company members | Yes | Yes | Yes* | - |
Invite members | Yes | Yes* | - | - |
Remove members | Yes | Yes** | - | - |
Create teams | Yes | - | - | - |
View Dashboard | Yes | - | Yes* | - |
*You can toggle these permissions on or off in the member permissions settings, discussed below.
** Managers can only remove Contributors and Reviewers, and Admins can toggle this permission on or off in the member permissions settings.
Prototypes and boards
This table specifies what actions are available to each role for prototypes and boards.
Action | Admin | Manager | Contributor | Reviewer |
Preview and join all prototypes and boards | Yes | Yes | Yes* | Yes* |
Create prototypes and boards | Yes | Yes | Yes | - |
View private comments and notes | Yes | Yes | Yes | Yes* |
View assets and activity for prototypes and boards | Yes | Yes | Yes | Yes* |
Duplicate prototypes and boards | Yes | Yes | Yes | - |
Edit prototypes and boards you have joined | Yes | Yes | Yes | - |
Inspect prototypes you have joined | Yes | Yes | Yes | Yes |
Export prototypes you have joined | Yes | Yes | Yes | - |
Create share links for prototypes you have joined | Yes | Yes | Yes | Yes |
Add collaborators to prototypes you have joined | Yes | Yes | Yes | - |
View and edit Workflow for prototypes you have joined | Yes | Yes | Yes | Yes |
Archive and unarchive prototypes and boards you have joined | Yes | Yes | Yes | - |
Delete prototypes and boards you have joined | Yes | Yes | Yes* | - |
*You can toggle these permissions on or off in the member permissions settings, discussed below.
Freehands
This table specifies each role's Freehand permissions, which differ slightly from prototypes and boards.
Action | Admin | Manager | Contributor | Reviewer |
View freehands | Yes | Yes | Yes | Yes |
Edit freehands you are added to | Yes | Yes | Yes | Yes |
Create freehands | Yes | Yes | Yes | - |
Duplicate freehands | Yes | Yes | Yes | - |
Archive and unarchive freehands | Yes | Yes | Yes | - |
Delete freehands | Yes | Yes | Yes* | - |
Design System Manager (DSM)
DSM has separate roles and permissions. Only members of your Enterprise can be added to your DSM organization.
Learn more in this article: DSM Roles and Permissions
Member Permissions settings
You can modify the default member permissions to fine-tune how roles work in your organization.
To access member permissions:
- Sign in to your Enterprise account and navigate to the People page.
- Near the top right of the page, click the More (•••) icon.
- Click Member Permissions.
Session
- Enable session timeouts: If enabled, Enterprise members will be signed out of the Enterprise account after a set period of inactivity.
- Time before a user is logged out for inactivity: This is set to 1 week by default. Choose from the drop-down menu to set your desired duration.
Global
- Require authentication for share links: If enabled, your share links cannot be anonymously viewed. Instead, anyone who views the share link will need to be a member of your Enterprise organization and will need to sign in before they can view the corresponding prototype, freehand, or board. If enabled, this applies globally and cannot be overridden on individual share links.Note: If this setting is not enabled initially but is later toggled on, individuals who don't belong to the Enterprise will lose access to any documents that they could previously access via share links.
- Require two-factor authentication for logins: If enabled, all members will be required to set up two-factor authentication. To learn more, check out this article: Two-factor authentication
Manager
- Can invite members to the company: If enabled, managers can add managers, contributors, and reviewers; however, they cannot add admins. If this is disabled, only admins can add users.
- Can remove Contributors and Reviewers from the company: If enabled, managers can remove contributors and reviewers from the Enterprise account. If this is disabled, only admins can remove members.
Contributor
- Enable dashboard: If enabled, contributors can access the Dashboard page from the top navigation. The dashboard is an organization-wide overview of prototype and user activity.
- Can preview and join all company prototypes: If enabled, contributors can see and join any prototype in the account. Contributors can edit, archive/unarchive, and delete prototypes. If the contributor role is not enabled for a particular individual, a member of the prototype will need to invite that individual to collaborate on the prototype before they can view it. If an Enterprise user clicks a share link for a prototype they're not authorized to view, they can request access.Note: Freehand documents are only visible if the contributor has previously viewed the share link.
- Can view all company members: If this is disabled, contributors will not be able to see other members of the Enterprise organization when adding members to a prototype, when viewing the People page, or when viewing the member filter on the prototypes page and in the activity feed—unless they are on the same team or are collaborating on a prototype with that user. This is ideal for organizations (e.g., agencies) who might not want contributors on one prototype being able to view the individuals associated with another unrelated prototype.
- Can delete Prototype, Board, and Freehand documents: By default, contributors do not have permission to delete documents—only archive. However, you can enable document deletion at any time by toggling on this setting.
Reviewer
- Can preview and join all company prototypes: If enabled, reviewers can see and join every prototype in the account. If this is disabled, a member of the prototype will need to invite them to collaborate before they can view it. If an Enterprise user clicks a share link for a prototype they're not authorized to view, they can request access.Note: Freehand documents are only visible if the reviewer has previously viewed the share link.
- Can view and create private comments and dev notes: If this is disabled, a reviewer will not be able to view existing private comments or notes, nor will they be able to create new ones. This is useful for internal discussions that may not be relevant to the reviewer (e.g., discussions with developers about implementation).
- Can view prototype assets: If enabled, the reviewer can access the assets tab while viewing a prototype.Note: This setting does not affect assets generated by Inspect. Reviewers can always access Inspect-generated assets.
- Can view activity: If this is disabled, a reviewer cannot access the organization-wide activity page nor the activity tab within a prototype—including prototypes they have joined. This allows organizations to work in InVision without displaying a detailed activity log to their clients.