Archive workspaces use flat permissions. There are no admin, editor, or viewer roles — every member who has access to a workspace can take every action inside it.
What Every Workspace Member Can Do
Anyone with access to a workspace can:
Connect, disconnect, and configure social profiles, hashtags, and mentions
Create, edit, and delete campaigns, collections, views, and labels
Request usage rights and reply to creators on the workspace's behalf
Generate, rotate, and revoke API tokens (see Generating an API Token)
Invite or remove other members of the workspace
View and download all content captured by the workspace
There is no permission setting that limits a member to read-only access or restricts which areas they can use.
Why API Tokens Are Workspace-Based
Because Archive does not differentiate between user roles, API tokens are scoped to the workspace, not to the individual member who created them. Any token generated from a workspace has the same level of access as any member of that workspace.
Practical implications:
Tokens are not personal credentials. Treat each token as a workspace-level secret — anyone with the token can act on the workspace.
Multiple tokens are fine. You can generate separate tokens for different integrations to make rotation easier. Each token can be revoked independently.
Rotate when a member leaves. Since tokens aren't tied to a person, removing someone from the workspace does not invalidate tokens they generated. Rotate any tokens you suspect they had access to.
Managing Workspace Members
Access is granted at the workspace level: a member either has access to the workspace or doesn't. To control who can see and act on a workspace, manage the member list — there are no per-area permissions to configure.
If you need finer-grained controls for your use case, reach out to your Customer Success Manager (CSM) so we can capture the requirement.