Users & Permissions
Manage team access and permissions in your FormWork account.
FormWork provides flexible user management to control who can access and modify your forms and data.
User Roles
FormWork uses role-based access control. Each user is assigned a role that determines their permissions.
Available Roles
| Role | Description |
|---|---|
| Owner | Full access to everything, including billing and account deletion |
| Admin | Full access to forms, entries, and users (except billing) |
| Editor | Can create and edit forms, view all entries |
| Viewer | Read-only access to forms and entries |
Role Permissions Matrix
| Permission | Owner | Admin | Editor | Viewer |
|---|---|---|---|---|
| View forms | Yes | Yes | Yes | Yes |
| Create forms | Yes | Yes | Yes | No |
| Edit forms | Yes | Yes | Yes | No |
| Delete forms | Yes | Yes | No | No |
| View entries | Yes | Yes | Yes | Yes |
| Edit entries | Yes | Yes | Yes | No |
| Delete entries | Yes | Yes | No | No |
| Manage users | Yes | Yes | No | No |
| Manage API keys | Yes | Yes | No | No |
| Billing access | Yes | No | No | No |
| Delete account | Yes | No | No | No |
Inviting Users
To add a new team member:
- Go to Account Settings
- Click the Team tab
- Click Invite User
- Enter their email address
- Select a role
- Click Send Invite
The user will receive an email invitation to join your account.
Pending Invitations
View and manage pending invitations:
- See who hasn’t accepted yet
- Resend invitation emails
- Cancel pending invitations
Managing Users
Changing a User’s Role
- Go to Account Settings > Team
- Find the user in the list
- Click the role dropdown
- Select the new role
- Confirm the change
Removing a User
- Go to Account Settings > Team
- Find the user to remove
- Click the Remove button
- Confirm the removal
Note: Removing a user doesn’t delete their work. Forms and entries they created remain in the account.
Authentication
Supported Sign-In Methods
FormWork supports:
- Email and password
- Social login (Google, GitHub)
Session Management
- Sessions expire after a period of inactivity
- Users can sign out from all devices in their profile settings
- Admins can revoke sessions for any user
Best Practices
Principle of Least Privilege
Assign the minimum role needed:
- Use Viewer for stakeholders who only need to see results
- Use Editor for team members who create and edit forms
- Reserve Admin for those who need to manage the team
Regular Access Reviews
Periodically review who has access:
- Remove users who no longer need access
- Verify roles are still appropriate
- Check for pending invitations that should be cancelled
Secure Onboarding
When adding new team members:
- Brief them on data handling practices
- Explain which forms contain sensitive data
- Document any special procedures