Workspace Administration
Administer the Oriel workspace without breaking tenancy or escalating grants.
Workflow
Section titled “Workflow”Use workspace settings for:
- Workspace rename and delete
- Members and grants
- Built-in and custom roles
- API, ingest, and feature-flag SDK tokens
- Audit log review
Use project settings for:
- Project rename and retention settings
- Environment creation and deletion
- Environment auto-registration controls
- Service catalog metadata
Permissions
Section titled “Permissions”Administration is permission-based. Common grants include:
| Area | Read | Manage |
|---|---|---|
| Members | members:read | members:manage |
| Roles | roles:read | roles:manage |
| Tokens | tokens:read | tokens:manage |
| Projects | projects:read | projects:manage |
| Environments | projects:read | environments:manage |
| Services | projects:read | services:manage |
| Feature flags | flags:read | flags:write |
| Flag SDK keys | tokens:read | flags:manage to mint; tokens:manage to revoke |
| Audit log | audit:read | Not editable |
Grant changes enforce no-escalation: a caller can only grant permissions already held at the target scope.
Related Pivots
Section titled “Related Pivots”- Review audit entries after member, role, token, and workspace changes.
- Use project retention settings to match telemetry value and storage cost.
- Use environment caps to prevent unbounded preview environment growth.
- Keep API tokens, ingest tokens, and feature-flag SDK keys separate.