Reference | Centralized versus delegated workspaces#

Your workspace structure can vary depending on how you prefer to share content with your business users. Below, we outline two common structures for setting up permissions and roles for workspaces. You will likely find that the best balance for your team lies somewhere between the two.

Centralized structure#

In a centralized workspace structure, instance admins:

  • Retain workspace creation (instance) privileges.

  • Grant Publish on workspaces (instance) privileges to project admins. With each new workspace, the instance admin grants someone the workspace admin role, allowing them to autonomously manage workspace membership.


When a new workspace is needed:

  1. The instance admin creates it.

  2. They grant the workspace Admin role to a user who will be in charge of managing workspace membership.

  3. The workspace admin grants the Contributor role to whoever will be publishing content into their workspace and grants the Member role to all other users.

  4. Any new workspace users will be added to their respective workspaces by the relevant workspace admin.

To control how content is shared from projects, the instance admin grants Publish on workspaces privileges to a group of project admins. Those project admins are given the Contributor role to the relevant workspaces and publish content from their projects into the workspace.



  • Manage the proliferation of workspaces.

  • Tighter control over sharing content from projects.

  • New workspace creation can be bottlenecked through the instance admin.

  • Restrictive content sharing policy.

Delegated structure#

For a delegated structure, the instance admin:

  • Delegates Create workspaces (instance) privileges to a group of users who will administer workspaces. Any new workspace can be created and managed by a group of workspace Admins, allowing them to manage Workspaces–and any associated process–autonomously.

  • Delegates Publish on workspaces (instance) privileges to a group of users who will moderate workspace content.

  • Grants Publish on workspaces (project) privileges to a group of Designers who will be responsible for publishing content into a workspace when it’s ready. These are the users who will be the primary points of contact for any stakeholder questions.

Example of a delegated workspace structure

Project admins grant those same Designers Publish on workspaces (project) privileges in the necessary project(s), allowing the Designers to share an object outside of the project.

At the same time, the workspace Admins grant those Designers a Contributor role so that they can publish objects into the relevant workspace.



  • Teams and stakeholder groups can autonomously create workspaces as needed.

  • Easy to share content into workspace from a variety of projects.

  • Can lead to a proliferation of workspaces.

  • Harder to effectively manage large numbers of workspaces.