Governance & Permissions
Governance in Computtite covers how access and actions are controlled across a shared workspace. This is a cloud mode feature — local mode workspaces have a single user with full access and no multi-user controls. In cloud mode, every workspace member has a role that determines their base capabilities, optionally modified by a permission profile that can further restrict those capabilities.
Workspace Roles
Every member invited to a cloud workspace is assigned one of four roles. Roles form a strict hierarchy — Owner > Admin > Member > Viewer.
| Permission | Owner | Admin | Member | Viewer |
|---|---|---|---|---|
| View assets | ✓ | ✓ | ✓ | ✓ |
| Export reports | ✓ | ✓ | ✓ | ✓ |
| Create assets | ✓ | ✓ | ✓ | ✗ |
| Edit assets | ✓ | ✓ | ✓ | ✗ |
| Sync data | ✓ | ✓ | ✓ | ✗ |
| Delete assets | ✓ | ✓ | ✗ | ✗ |
| Manage members | ✓ | ✓ | ✗ | ✗ |
| Edit workspace settings | ✓ | ✓ | ✗ | ✗ |
| Transfer ownership | ✓ | ✗ | ✗ | ✗ |
- Owner: Full control. There is exactly one Owner per workspace. The Owner can transfer ownership to another Admin. Owners cannot be removed from the workspace by anyone — only by transferring ownership first.
- Admin: Can manage most things including members, asset types, and schema configuration. Cannot delete the workspace or transfer ownership. Suitable for senior IT staff who need to configure the environment.
- Member: Standard access for day-to-day inventory work. Can create and edit assets and employees, manage assignments, and run reports. Cannot delete assets or change workspace configuration. Suitable for IT technicians and inventory managers.
- Viewer: Read-only access. Can browse the full inventory (subject to asset visibility rules) and export reports, but cannot create or modify anything. Suitable for stakeholders, auditors, or executives who need visibility without write access.
Permission Profiles
Permission profiles add a second layer of access control on top of roles. They are named sets of restrictions that can be applied to individual members. The key design principle is that profiles can only restrict what a role grants — they cannot expand permissions. A Member with a restrictive profile cannot gain Admin-level access; they can only lose some of the Member capabilities.
Example use cases:
- "Auditor" profile (base: Viewer): Standard viewer with no additional restrictions — used to formally label external auditors in the member list.
- "Inventory Staff" profile (base: Member): Restrict deletion (even though Member normally can't delete, this profile could restrict editing of certain field types) and disable export to Notion.
- "Read-only Admin" profile (base: Admin): An Admin who can see everything and manage members, but cannot modify the asset schema or workspace settings — useful for a manager who oversees access without touching configuration.
Profiles are created from the Administration page (accessible from the sidebar) under the Permission Profiles tab. Once created, they are assigned to members from the Members tab.
Asset Visibility
Beyond role-based access to the workspace, individual assets can have visibility restrictions. This is useful when a subset of your inventory is sensitive and should not be visible to all members. Asset visibility is set per asset from the asset detail panel:
- Everyone: Default. All members (including Viewers) who have access to the workspace can see this asset.
- Admins only: Only Owners and Admins can see this asset. Members and Viewers see no trace of it — it doesn't appear in lists, searches, reports, or counts. Suitable for executive laptops, security appliances, or any equipment whose existence should not be known to general staff.
- Restricted: Only members or permission profiles you explicitly grant can see this asset. Everyone else — including Admins not in the list — is excluded. Use this for assets tied to specific projects, individuals, or sensitivity levels that don't map neatly to the role hierarchy.
All visibility filtering happens at the data level, not the UI level. Hidden assets are not returned in queries for unauthorized users — they don't appear in lists, counts, exports, or search results.
Workspace Tone and Governance Visibility
When the workspace tone is set to Simple, some governance controls are hidden behind secondary menus to reduce cognitive load for non-technical users. Switching to Advanced tone surfaces all governance controls, permission details, and visibility settings at the top level. This setting does not change any permissions — it only affects the UI's presentation.