Roles, Permissions and Sharing

Access Control and Permissions Management

termbase.io enables precise control over user access within your organization and teams. Following the principle of least privilege, the platform employs a robust, role-based access control (RBAC) system.
There are two types of roles: Organization Administrator Roles (predetermined) and Team User Roles (custom).
Organization or Team Administrators can define custom Team User Roles and assign specific permissions to ensure users have only the access required for their responsibilities. When inviting a user to your organization or team, their assigned role determines their access level, restricting privileges to only those explicitly granted.
This approach minimizes unnecessary access and supports compliance with security best practices.

Organization Administrator Roles

At termbase.io, predefined roles are available for users responsible for organizational control. These roles function as administrative positions, granting the ability to oversee and configure the organization's core settings and behavior.
Users assigned to these roles can perform tasks such as:
  • Creating and managing teams.
  • Defining and assigning team-specific user permission roles.
  • Administering integrations, including managing API key connections.
This structured role-based approach ensures streamlined management and operational security across the organization.


Roles available upon organization creation:

    Organization Administrator (Full Access)
Granted permissions:
  • Administrators: Invite user, Set user role, Remove user
  • Team User Roles: Read, Create, Edit, Delete
  • Teams: Read, Create, Edit, Delete
  • Team Administration: Invite user, Set user role, Remove user
  • Integrations: Read, Edit

    Team Manager
Granted permissions:
  • Teams: Read, Create, Edit, Delete
  • Team Administration: Invite user, Set user role, Remove user

    Team & User Role Manager
Granted permissions:
  • Team User Roles: Read, Create, Edit, Delete
  • Teams: Read, Create, Edit, Delete
  • Team Administration: Invite user, Set user role, Remove user

How to Invite Administrators

Organization Administrators can follow this step-by-step process: Administrators

Team User Roles (Custom roles)

Organization Administrators with permissions to set Team User Roles are then able to create custom team user roles and choose from the following permissions. Only explicitly granted permissions will be granted to the user.

Explanations

Read vs. Read Shared: With the Read permission, users can read only the objects that they created themselves inside a team. If you want users to be able to read objects that others created, you need to give them the Read Shared permission.

Available permissions:
  • Team Administration: Invite user, Set user role, Remove user
  • Translation Jobs: Read, Read Shared, Create, Edit, Delete
  • Copywriting Jobs: Read, Read Shared, Create, Edit, Delete
  • Revisions: Read, Read Shared, Create, Edit, Delete, Redistribute, Read names
  • Termbases: Read, Read Shared, Create, Edit, Delete, Approve
  • TermFactory: Read, Read Shared, Create, Edit, Delete
  • Guidelines: Read, Read Shared, Create, Edit, Delete
  • Prompt Categories: Read, Read Shared, Create, Edit, Delete
  • Prompts: Read, Read Shared, Create, Edit, Delete
  • Copy templates: Read, Read Shared, Create, Edit, Delete
  • Translation Memories: Read, Read Shared, Create, Edit, Delete
  • Job Templates: Read, Read Shared, Create, Edit, Delete
  • File types: Read, Read Shared, Create, Edit, Delete
  • Machine translation engines: Read, Read Shared, Create, Edit, Delete
  • Segmentation Rules: Read, Read Shared, Create, Edit, Delete
  • Replacement Rules: Read, Read Shared, Create, Edit, Delete
  • Quality settings: Read, Read Shared, Create, Edit, Delete
  • AI Worker: Read, Read Shared, Create, Edit, Delete
  • Chat: Read

Object Permissions

Each object in termbase.io belongs to a primary team.
  • A user's permissions on the object are determined by the role the user has in the object's primary team.
  • The creator of an object can see the objects they created if they are a member of the primary team and have the read permission. Ownership can be transferred upon request; this requires an email from the current owner to hello@termbase.io.
  • To allow a user to edit or delete their own objects, they must be granted the "Edit" / "Delete" permission in the object's primary team. If a user should also be able to edit/delete objects created by other users within the team, they need both "Read shared" and "Edit" / "Delete" permissions.

Sharing Objects in Teams

  • Primary Team: Every object is automatically shared with its primary team. However, only users who have the "Read shared" permission are able to see them.
  • Sharing with Additional Teams:
      • If a user is a member of multiple teams, they can share objects with additional teams beyond the primary team, provided they have the share permission in the primary team.
      • When sharing an object, the sharing user defines the maximum level of access that users in the receiving team can have. This allows the sharing user to control how their resource can be modified by others. By default, shared objects are read-only.
    To interact with a shared object, a user in the receiving team must have two matching permissions:
      • Permission granted by their role within the receiving team.
      • Permission granted by the sharing user.
    Example: If a user in the receiving team wants to edit a shared termbase, (i) they must have the permission to edit termbases within their team (based on their user role), and (ii) the sharing user must have allowed editing when sharing the termbase.
  • Public Pools with restricted visibility:
      • Users can be added to a team without "Read shared" permissions. This allows them to contribute their own objects but prevents them from seeing objects submitted by others.
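
The object and sharing rules above can be read as a single access decision. The following Python sketch is an added example, not termbase.io code, that models that decision for the actions read, edit and delete. Assumptions: the user, team and permission names are constructed, the "share" permission name follows the wording above, and reading another user's object in a receiving team is assumed to need "read shared" there.

```python
from dataclasses import dataclass, field

# Constructed sample data: user -> team -> permissions granted by the team role.
MEMBERSHIPS = {
    "alice": {"marketing": {"read", "read shared", "edit", "share"}},
    "bob":   {"legal": {"read shared", "edit"}},
    "carol": {"marketing": {"read", "edit"}},  # contributor without "read shared"
    "dave":  {"legal": {"read shared"}},
}

@dataclass
class Obj:
    creator: str
    primary_team: str
    shares: dict = field(default_factory=dict)  # receiving team -> allowed actions

def share(obj, sharer, team, allowed=("read",)):
    """Share with an additional team; read-only unless the sharer allows more."""
    perms = MEMBERSHIPS.get(sharer, {}).get(obj.primary_team, set())
    if "share" not in perms:
        raise PermissionError("share permission required in the primary team")
    obj.shares[team] = {"read", *allowed}

def role_allows(perms, user, obj, action):
    """Role check inside one team for 'read', 'edit' or 'delete'."""
    own = user == obj.creator
    if action == "read":
        return "read" in perms if own else "read shared" in perms
    # Own objects need the action itself; others' objects also need "read shared".
    return action in perms and (own or "read shared" in perms)

def can(user, action, obj):
    """Decide access from the primary team first, then from receiving teams."""
    teams = MEMBERSHIPS.get(user, {})
    primary = teams.get(obj.primary_team)
    if primary is not None and role_allows(primary, user, obj, action):
        return True
    # Receiving team (assumed model): role permission AND sharer's grant must match.
    return any(
        action in allowed and role_allows(teams[team], user, obj, action)
        for team, allowed in obj.shares.items() if team in teams
    )

if __name__ == "__main__":
    tb = Obj("alice", "marketing")
    share(tb, "alice", "legal")  # default share is read-only
    print(can("bob", "read", tb), can("bob", "edit", tb))
```
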