Airtable enterprise permissions

Plan availability

All plan types

Permissions

• Admins - Can perform the actions noted below in workspaces/bases where they are added as collaborators. Otherwise, admins can manage user permissions from the admin panel.

• All users - Can take various actions in Airtable — detailed below.

Platform(s)

Web/Browser, Mac app, Windows app, and mobile apps

Configure SSO and SCIM for the organization

Full visibility over all users and workspaces org-wide

Visibility into specific org units (where assigned)

Control Airtable licenses

Create new org units

Grant super admin access to other users

Grant org unit admin access

Configure domains and authentication settings

Establish organization-wide security policies

Manage rules for APIs and compliance tools (EKM, DLP, audit logs)

Delete workspaces, bases, and interfaces

Move workspaces between org units

Deactivate user accounts

Sign users out of all sessions

Require users to sign in with SSO

Update user email addresses

Remove users from workspaces, bases, and interfaces

Update user permissions on workspaces, bases, and interfaces

Manage groups and group memberships

Manage integration settings

Configure HyperDB

Manage organization branding settings

Manage organizational resources

Organization

Users

Roles

Groups

Solutions

Workspaces

Bases

Interfaces

Data sets

HyperDB

Managed apps

Components

Reports

Settings (Security & compliance)

Settings (Integrations & development)

Settings (Org resources)

Internal Users (Members)

Users whose email domain matches one of the organization's verified domains

• Auto-join via domain capture

• Can be assigned to org units

• Can be granted admin access

• Subject to org security policies

External Users

Users with email domains that do not match the organization's verified domains

• Cannot be granted admin access

• Visible when collaborating on org content

• No org unit membership

Guest Users

Users not claimed but with matching enterprise domain

• Occurs with non-domain-capturing orgs

• Enterprise Hub edge cases

Deactivated Users

Previously active users who have been deactivated by an administrator

• Cannot log into Airtable

• Retain ownership of bases/workspaces

• Don't count toward usage limits

Editor

User's highest access level causes them to be billable. Can create, edit, and modify content. This includes Owner, Creator, and Editor permissions at the workspace, base, or interface level.

Portal Editor

External users who have access through a portal. Billable category for external collaborators.

Viewer

User's highest access level does not trigger billing. Read-only access to content. Users with Read-only access permissions can be upgraded by workspace or base owners.

Viewer (Restricted)

Can only be upgraded to Editor via an admin user or service account. Provides controlled access with limited upgrade paths.

Sign out of all sessions

Add admin access

Change seat type

Add to an org unit

Unassign from org unit

Remove access

Deactivate

Sign out of all sessions

Add admin access

Change seat type

Remove access

Deactivate

Deactivate

User cannot log into Airtable at all. Account is suspended but ownership of bases and workspaces is retained.

Remove Access

User loses workspace/base privileges but can still log into Airtable and create new workspaces, bases, and interfaces.