
Workspaces & RBAC

Workspaces provide multi-tenant isolation within a single Slim.io organization. Each workspace operates as an independent security boundary with its own connectors, scans, findings, and policies.

Workspace Model

A workspace encapsulates:

  • Connectors — Each connector belongs to exactly one workspace
  • Scans — Scan jobs run within the context of a workspace
  • Findings — All findings are scoped to the workspace of their originating connector
  • Policies — Governance policies can be scoped to specific workspaces
  • Members — Users are assigned to workspaces with role-based permissions
  • Quotas — Scan quotas can be allocated per workspace

Creating Workspaces

Workspaces are created in the Customer Dashboard under Settings > Workspaces:

  1. Click Create Workspace.
  2. Enter a name (e.g., “Production AWS”, “EU Data”, “Finance Team”).
  3. Optionally enter a description.
  4. Click Create.

After creation, assign connectors and members to the workspace.

Every organization starts with a Default workspace. All connectors and users are initially assigned to this workspace. Create additional workspaces to segment access by team, region, or compliance boundary.

Connector Assignment

Each connector belongs to exactly one workspace at a time:

  1. Navigate to Connectors in the Customer Dashboard.
  2. Select a connector.
  3. In the connector settings, change the Workspace assignment.
  4. Confirm the move — scan history and findings move with the connector.

Moving a connector between workspaces transfers all associated scan history and findings. Users who only have access to the source workspace will lose visibility into that connector’s data.

Role-Based Access Control (RBAC)

Roles

| Role | Description |
|---|---|
| Admin | Full access to all workspace resources. Can manage members, connectors, policies, and settings. |
| Editor | Operational access. Can run scans, manage classifiers and policies, and view all findings. Cannot manage members or workspace settings. |
| Viewer | Read-only access. Can view dashboards, findings, and reports. Cannot modify any configuration or trigger scans. |

Permission Matrix

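| Action | Admin | Editor | Viewer |
|---|---|---|---|
| View dashboards and findings | Yes | Yes | Yes |
| Export findings | Yes | Yes | Yes |
| Run scans | Yes | Yes | No |
| Create/edit classifiers | Yes | Yes | No |
| Create/edit policies | Yes | Yes | No |
| Add/remove connectors | Yes | No | No |
| Manage workspace members | Yes | No | No |
| Delete workspace | Yes | No | No |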

Assigning Members

  1. Navigate to Settings > Workspaces > [Workspace Name] > Members.
  2. Click Add Member.
  3. Enter the user’s email address.
  4. Select a role (Admin, Editor, Viewer).
  5. Click Add.

The user receives an email notification and gains access to the workspace on their next login.

Organization-Level Access

Organization administrators have a special role that spans all workspaces:

  • Org Admin — Can view and manage all workspaces, including creating new workspaces, moving connectors between workspaces, and managing org-level settings

Org Admin status is managed by your organization’s platform administrator. Contact your account manager if you need Org Admin access.

Workspace Isolation

Data isolation between workspaces is enforced at the API level:

  • API queries are scoped to the user’s assigned workspace(s)
  • Database-level security rules prevent cross-workspace data access
  • API responses filter out data from workspaces the user does not belong to
  • Audit logs record which workspace context was active for each operation
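
The role matrix and workspace scoping described above, modelled as a deny-by-default check. This is an added example, not Slim.io's code or API: the class, action and connector names are hypothetical, and it assumes an Org Admin acts as Admin in every workspace and that only an Org Admin moves connectors.

```python
from dataclasses import dataclass, field
# Permission matrix from this page: action -> roles allowed (names are hypothetical).
MATRIX = {
    "view_findings": {"Admin", "Editor", "Viewer"},
    "export_findings": {"Admin", "Editor", "Viewer"},
    "run_scans": {"Admin", "Editor"},
    "edit_classifiers": {"Admin", "Editor"},
    "edit_policies": {"Admin", "Editor"},
    "manage_connectors": {"Admin"},
    "manage_members": {"Admin"},
    "delete_workspace": {"Admin"},
}

@dataclass
class User:
    email: str
    roles: dict = field(default_factory=dict)  # workspace -> role
    org_admin: bool = False

@dataclass
class Org:
    connectors: dict  # connector -> its single workspace
    findings: list    # (finding id, originating connector)

    def allowed(self, user, action, workspace):
        # Deny by default: unknown action, no membership, or role not listed.
        # Assumption: an Org Admin acts as Admin in every workspace.
        role = "Admin" if user.org_admin else user.roles.get(workspace)
        return role in MATRIX.get(action, set())

    def visible_findings(self, user):
        # Findings are scoped to the workspace of their originating connector.
        return [fid for fid, conn in self.findings
                if self.allowed(user, "view_findings", self.connectors[conn])]

    def move_connector(self, actor, connector, target):
        # Assumption: moves need Org Admin. Findings follow the connector.
        if not actor.org_admin:
            raise PermissionError("moving connectors requires Org Admin")
        self.connectors[connector] = target

def demo():
    # Constructed sample data, not taken from a real tenant.
    org = Org({"aws-prod": "Production", "s3-eu": "EU Data"},
              [("F-1", "aws-prod"), ("F-2", "s3-eu")])
    viewer = User("v@example.com", {"Production": "Viewer"})
    root = User("root@example.com", org_admin=True)
    before = org.visible_findings(viewer)
    org.move_connector(root, "aws-prod", "EU Data")
    return before, org.visible_findings(viewer), org.visible_findings(root)
```

`demo()` returns the Viewer's visible findings before and after the connector leaves their workspace, which is the loss of visibility the Connector Assignment section warns about.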

Quota Allocation

When scan quotas are allocated per workspace:

  • The organization’s total quota is distributed across workspaces
  • Each workspace’s scan usage counts against its allocated quota, not the org total
  • Quota warnings are generated per workspace when approaching limits
  • Org administrators can reallocate quota between workspaces without downtime

Organization Quota: 1,000 scans/month
  → Production Workspace: 500 scans/month
  → Staging Workspace: 300 scans/month
  → Development Workspace: 200 scans/month

Best Practices

  1. Align with teams — Create workspaces that map to your organizational structure (security team, compliance team, engineering team)
  2. Separate by regulation — Use workspaces to isolate data subject to different regulatory requirements (EU data in one workspace, US data in another)
  3. Least privilege — Assign the most restrictive role that allows each user to do their job
  4. Review regularly — Audit workspace membership quarterly and remove inactive users