Manage workspace members, roles, and permissions to build effective AI teams
Team management in Dify is workspace-centric. When you add members to your workspace, they get access to workspace resources based on their assigned role. Understanding these roles helps you build secure, productive AI teams.
Full workspace control. Only one owner per workspace. Controls all team members, model providers, and can delete the workspace. Cannot transfer ownership to another member.
Admin
Team and resource management. Can add/remove team members, configure model providers, manage all applications, and manage integrations. Cannot change member roles.
Editor
Application development. Can create, edit, and delete applications, manage knowledge bases, and use all workspace tools. Cannot manage team members or configure providers.
Member
Application usage only. Can use published applications and tools they have access to. Cannot create or modify applications.
Only workspace owners can invite new team members:
1
Access member management
Navigate to Settings → Members in your workspace.
2
Send invitations
Enter email addresses and select the appropriate role for each new member.
3
Handle invitations
New users receive registration emails. Existing Dify users are added immediately and gain access right away.
Email service must be configured for invitation emails to deliver. Without SMTP configured, an Owner or Admin can still create the account manually and share the credentials out of band.
Removing Members: Only workspace owners can remove team members. When removed, members immediately lose workspace access, but applications they created remain in the workspace.Role Changes: Only workspace owners can modify member roles. Role changes take effect immediately and alter what the member can access across the workspace.
Resource Inheritance: All workspace resources (model providers, integrations, knowledge bases) are available to team members based on their role permissions.Application Access: Members see applications based on sharing settings and their role. Owners and Admins see all applications. Editors see applications they can modify. Members see only published applications they’re permitted to use.Configuration Access: Model providers and integrations configured at the workspace level become available to all applications created by team members with appropriate permissions.
