ACCOUNT & SECURITY
Candor has four workspace roles plus a project-level membership layer. The combination determines what each teammate can see and do. Here’s the practical breakdown.
Full control. Can invite or remove anyone (including other Owners and Admins), grant any role, transfer ownership, change workspace settings, toggle the MFA policy, and delete the workspace. Owners always see every project.
Most things an Owner can do, with three exceptions: Admins can’t delete the workspace, can’t invite or remove Owners or other Admins, and can’t transfer ownership. They can invite Editors and Viewers, change workspace settings, manage projects, and toggle the MFA policy. Admins also see every project.
Can create projects, edit and delete the projects they own, invite project members to those projects, and run interviews. Editors only see projects they’re explicitly added to as members. They don’t see every project in the workspace by default.
Read-only access to projects they’re explicitly added to. Viewers can’t create projects, edit anything, or invite anyone. Useful for stakeholders who want to see findings without changing them.
Two layers, different purposes. The workspace role determines what someone can do. Project membership determines which projects they see.
Project membership is binary: you’re a member or you’re not. It doesn’t change someone’s capabilities; their workspace role still gates what they can do once they’re in. So a Viewer added to a project can see it but can’t edit it, while an Editor added to a project can edit it.
From Settings → Team, invite by email address and pick a role. The role dropdown only shows roles you’re allowed to grant. Owners can grant any role; Admins can grant Editor or Viewer.
The invitee receives an email with a setup link. Clicking it lands them on a setup form where they enter their first name, last name, and a password (12+ characters). Once they finish setup, they’re in the workspace with the role you assigned.
On the team page, each member has a role dropdown. You can promote or demote them in place. The same can-grant rules apply: Admins can’t change another Admin’s role, and only Owners can demote or promote to Owner.
Click Remove next to a member. A confirmation dialog asks you to confirm. Once removed they lose access to every project in the workspace immediately. Their data (audit events, usage) stays in your workspace history; only their access is revoked. You can re-invite them later.
Owners can transfer ownership to another Owner or Admin via Transfer ownership. There’s a checkbox to also demote yourself to Admin in the same step (otherwise you stay an Owner alongside the new one). The workspace always has at least one Owner; the transfer preserves that invariant.
Owners and Admins can flip a workspace-wide MFA toggle on the team settings page. When on, every member without MFA gets prompted to enrol on next sign-in and can’t use the app until they do. Members with MFA already are unaffected. The toggle reads: Require two-factor authentication for everyone in this workspace.
Owner-only. Available under the team settings Danger zone. Deletes every project, persona, interview, and report in the workspace permanently for every member. The dialog requires you to type the workspace name to confirm. Cannot be undone.
Be the first to know when it launches.
No spam. Just a note when Candor is ready. Powered by Highline Beta.