Workspaces

As your organization grows, different departments need clear boundaries around their data. Marketing’s data shouldn’t casually flow into Finance’s workspace, and HR’s data needs strict separation from everything else. Workspaces provide these boundaries.

A workspace isn’t just a way to organize projects; it’s a security boundary. Think of it like a barrier island in a waterway system: a hard perimeter that data crosses only through explicit channels, never through ambient access.

Each workspace contains its own projects, dashboards, and data sources. Data within a workspace is completely separate from other workspaces by default.

Workspace owners control who can access their workspace and what they can do within it. You can grant different levels of access:

  • Share the entire workspace — give someone access to everything in the workspace at once, instead of sharing individual items
  • View access — a team member can see all projects and dashboards in the workspace but not modify them
  • Edit access on specific items — a team member can view everything but only edit certain projects or dashboards that you choose

For example, you might give John view access to your entire workspace, but only let him edit the two dashboards he’s responsible for.

Workspaces are designed for data that typically does not need to be connected:

  • Marketing and Finance operate on different data with different sensitivity levels
  • Client A and Client B data should never mix in a consulting firm
  • Production and Development environments need clear separation
  • HIPAA-regulated data needs its own governance zone

If you have data that needs to work together — like combining sales and marketing data for analysis — that data belongs in the same workspace. Workspaces separate what shouldn’t overlap.

Data moves between workspaces only through deliberate action — explicit sharing, not ambient access. If someone in Marketing wants to share a dataset with Finance, they share it through a governed channel. The sharing is visible, auditable, and revocable.

This is the barrier island model: not every boundary needs to be permeable. When permeability is needed, it flows through defined inlets — not over the top.

Workspaces add a layer above access policies and groups:

  • Sharing and access policies operate within a workspace
  • Workspace boundaries operate between workspaces
  • Organization-level admin controls set the guardrails that workspaces can’t override

Teams can add stricter policies within their workspace, but they can’t weaken organization-level protections.
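The layering above, together with the explicit-sharing rule and the John example earlier on this page, can be modelled as a small access check. This is an added illustration, not the product's code or API: the names `Org`, `Workspace`, `external_cap`, `share`, `revoke` and `allowed`, the level ordering, and the sample users and items are all assumptions made for the sketch.

```python
from dataclasses import dataclass, field

LEVELS = {"none": 0, "view": 1, "edit": 2}  # assumed ordering of access levels

@dataclass
class Org:
    external_cap: str = "view"          # hypothetical org guardrail on cross-workspace shares
    audit: list = field(default_factory=list)

@dataclass
class Workspace:
    name: str
    external_cap: str = "view"          # workspace policy; only effective if stricter than the org's
    members: dict = field(default_factory=dict)    # user -> level on the whole workspace
    item_edit: dict = field(default_factory=dict)  # item -> users with edit on that item
    shares: dict = field(default_factory=dict)     # (item, user) -> level, explicit shares only

def effective_cap(org, ws):
    """Stricter of the two caps wins, so a workspace can tighten but never loosen."""
    return min(org.external_cap, ws.external_cap, key=LEVELS.get)

def share(org, ws, item, user, level, by):
    """The only way an item reaches a non-member: explicit, logged, capped."""
    ok = LEVELS[level] <= LEVELS[effective_cap(org, ws)]
    org.audit.append(("share" if ok else "share_denied", ws.name, item, user, level, by))
    if ok:
        ws.shares[(item, user)] = level
    return ok

def revoke(org, ws, item, user, by):
    """Remove an explicit share and record who revoked it."""
    ws.shares.pop((item, user), None)
    org.audit.append(("revoke", ws.name, item, user, by))

def allowed(ws, user, item, action):
    """Default deny: access comes from membership or an explicit share, nothing else."""
    if user in ws.members:
        level = "edit" if user in ws.item_edit.get(item, set()) else ws.members[user]
    else:
        level = ws.shares.get((item, user), "none")
    return LEVELS[level] >= LEVELS[action]

# Constructed sample data mirroring the page's John and Marketing/Finance examples.
org = Org()
marketing = Workspace("marketing", external_cap="edit",   # attempt to loosen the org cap
                      members={"john": "view"},
                      item_edit={"dash-1": {"john"}, "dash-2": {"john"}})
```

Because `effective_cap` takes the stricter value, the workspace's `external_cap="edit"` has no effect while the organization cap stays at `view`.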

Departmental separation: Each department gets its own workspace. Marketing, Sales, Finance, and HR each operate independently, with data crossing boundaries only when explicitly shared.

Client isolation: Service providers create a workspace per client, ensuring complete data separation with simple whole-workspace sharing for the client team.

Compliance zones: Regulated data (HIPAA, PCI) lives in its own workspace with stricter defaults and audit requirements.