# Project roles

Project roles control what a user or group can access and manage inside a specific project. You can assign these roles per project to define responsibilities across build, deploy, and review tasks. The following table lists system project roles and the access they provide:

Type Description
Project admin Grants full access to all project content and settings, including user management and deletion.
Advanced builder Grants full access to build and deploy, without access to manage settings or user permissions.
Builder Allows users to modify folders, recipes, Workato apps, and data tables. This role also allows test automation but not deployment.
Project operator Grants read-only access to project content and the ability to run and stop recipes.

Use the following guides to review the full set of privileges for each role:

# Project admin

The Project admin role provides full control over all content and settings within a project. This includes recipe development, resource configuration, deployments, and access management. Assign this role to collaborators who manage project assets without requiring environment-level administrative access.

Project admins can perform the following actions in their assigned project:

  • Build and manage recipes, folders, and connections.
  • Approve and review deployments.
  • Manage project access and assign roles to collaborators.
  • View and manage data tables, test automation, and network trace.

Project admins can access every recipe, connection, and asset in a project. This role doesn't include access to environment or workspace-level settings.

# Privileges

The following tables list the full set of privileges included in the Project admin role. Each section outlines what actions the role can perform within a project.

# Project assets

These privileges control access to recipe-building features and shared project resources.

Privilege Full
access
View Edit Edit
records
Create Delete Test/
Start/Stop
Job
history
Modify
structure
Connections
Recipes
Genies
Knowledge bases
Data Pipelines
Data tables
Folders

# Project settings

These privileges control project-level administration, such as access control, project properties, and deployment approvals.

ENABLE DEPLOYMENT

You must enable deployment in both the source and target environments.

Privilege Full access View Edit Edit
records
Create Delete Access
control
Project administration
Project properties
Approve deployment
Review deployment

# Low-code apps

These privileges control access to workflow apps, including app configuration and approval steps.

ACCESS DEPENDENCY

Access to workflow apps also depends on data table privileges.

Privilege Full access Manage access and role Go live/Take offline
App development
App access and role management

# Test automation

These privileges control access to recipe test cases. Full access includes View, Create, Edit, Run, and Delete actions. Test automation management also depends on recipe privileges such as View, Test, and Job History.

Privilege Full access View Manage (Create, Edit, Delete, Run)
Test automation

# Debug jobs

These privileges control access to job-level network traces.

Privilege Full access
Network trace

# Secrets management

These privileges control access to security-related secrets within the project.

Privilege Full access View Edit
Secrets management

# Advanced builder

The Advanced builder role provides full access to build, test, and deploy project assets. This role doesn't include access to project administration or user management.

Advanced builders can perform the following tasks:

  • View, edit, and manage project assets.
  • Perform deployments across environments.
  • Manage test automation and workflow apps.

They can't rename or delete projects, or manage project access. Assign this role to users who handle project development and deployment without administrative control.

# Privileges

The following tables list the full set of privileges included in the Advanced builder role. Each section outlines what actions the role can perform within a project.

# Project assets

These privileges control access to recipe-building features and shared project resources.

Privilege Full
access
View Edit Edit
records
Create Delete Test/
Start/Stop
Job
history
Modify
structure
Connections
Recipes
Genies
Knowledge bases
Data Pipelines
Data tables
Folders

# Project settings

These privileges control project-level administration, such as access control, project properties, and deployment approvals.

ENABLE DEPLOYMENT

You must enable deployment in both the source and target environments.

Privilege Full access View Edit Edit
records
Create Delete Access
control
Project administration
Project properties
Approve deployment
Review deployment

# Low-code apps

These privileges control access to workflow apps, including app configuration and approval steps.

ACCESS DEPENDENCY

Access to workflow apps also depends on data table privileges.

Privilege Full access Manage access and role Go live/Take offline
App development
App access and role management

# Test automation

These privileges control access to recipe test cases. Full access includes View, Create, Edit, Run, and Delete actions. Test automation management also depends on recipe privileges such as View, Test, and Job History.

Privilege Full access View Manage (Create, Edit, Delete, Run)
Test automation

# Debug jobs

These privileges control access to job-level network traces.

Privilege Full access
Network trace

# Secrets management

These privileges control access to security-related secrets within the project.

Privilege Full access View Edit
Secrets management

# Builder

The Builder role provides access to develop recipes and manage key assets within a project. Builders don't have access to deployments or project administration.

Builders can perform the following actions in their assigned project:

  • Create and test recipes and folders, and view connections
  • Manage project properties and review deployments
  • Configure workflow apps, manage access, and publish them

Builders can't deploy project assets or manage project-level access. Assign this role to collaborators who build and test project components without administrative access.

# Privileges

The following tables list the full set of privileges included in the Builder role. Each section outlines what actions the role can perform within a project.

# Project assets

These privileges control access to recipe-building features and shared project resources.

Privilege Full
access
View Edit Edit
records
Create Delete Test/
Start/Stop
Job
history
Modify
structure
Connections
Recipes
Genies
Knowledge bases
Data tables
Folders

# Project settings

These privileges control project-level administration, such as access control, project properties, and deployment approvals.

ENABLE DEPLOYMENT

You must enable deployment in both the source and target environments.

Privilege Full access View Edit Edit
records
Create Delete Access
control
Project administration
Project properties
Approve deployment
Review deployment

# Low-code apps

These privileges control access to workflow apps, including app configuration and approval steps.

ACCESS DEPENDENCY

Access to workflow apps also depends on data table privileges.

Privilege Full access Manage access and role Go live/Take offline
App development
App access and role management

# Test automation

These privileges control access to recipe test cases. Full access includes View, Create, Edit, Run, and Delete actions. Test automation management also depends on recipe privileges such as View, Test, and Job History.

Privilege Full access View Manage (Create, Edit, Delete, Run)
Test automation

# Debug jobs

These privileges control access to job-level network traces.

Privilege Full access
Network trace

# Secrets management

These privileges control access to security-related secrets within the project.

Privilege Full access View Edit
Secrets management

# Project operator

The Project operator role provides limited access to view and run content within a project. Assign this role to users who need visibility into project activity and permission to test recipes, but not edit or deploy content.

Project operators can perform the following actions in their assigned project:

  • View recipes and folders
  • Access job history
  • Test, start, and stop recipes

They can't create, edit, or deploy content. They also can't view connections or manage project settings or user access.

# Privileges

The following tables list the full set of privileges included in the Project operator role. Each section outlines what actions the role can perform within a project.

# Project assets

These privileges control access to recipe-building features and shared project resources.

Privilege Full
access
View Edit Edit
records
Create Delete Test/
Start/Stop
Job
history
Modify
structure
Connections
Recipes
Genies
Knowledge bases
Data tables
Folders

# Project settings

These privileges control project-level administration, such as access control, project properties, and deployment approvals.

ENABLE DEPLOYMENT

You must enable deployment in both the source and target environments.

Privilege Full access View Edit Edit
records
Create Delete Access
control
Project administration
Project properties
Approve deployment
Review deployment

# Low-code apps

These privileges control access to workflow apps, including app configuration and approval steps.

ACCESS DEPENDENCY

Access to workflow apps also depends on data table privileges.

Privilege Full access Manage access and role Go live/Take offline
App development
App access and role management

# Test automation

These privileges control access to recipe test cases. Full access includes View, Create, Edit, Run, and Delete actions. Test automation management also depends on recipe privileges such as View, Test, and Job History.

Privilege Full access View Manage (Create, Edit, Delete, Run)
Test automation

# Debug jobs

These privileges control access to job-level network traces.

Privilege Full access
Network trace

# Secrets management

These privileges control access to security-related secrets within the project.

Privilege Full access View Edit
Secrets management


Last updated: 10/7/2025, 3:50:03 PM