Roles & Permissions
Glacier uses a role-based access control (RBAC) model. Every workspace member has one of four roles. Roles are assigned per workspace — there are no project-level roles.
Roles
| Role | Who it's for |
|---|---|
| Owner | The workspace creator. Full control, including billing and workspace deletion. |
| Admin | Trusted team members who manage members, settings, and integrations. |
| Member | Standard contributors. Can read and write all board and doc content. |
| Viewer | Read-only access. Can view the board, docs, and metrics but cannot make changes. |
Permissions matrix
| Action | Viewer | Member | Admin | Owner |
|---|---|---|---|---|
| View board, docs, metrics | ✓ | ✓ | ✓ | ✓ |
| Create and edit cards | — | ✓ | ✓ | ✓ |
| Move and delete cards | — | ✓ | ✓ | ✓ |
| Create and edit docs | — | ✓ | ✓ | ✓ |
| Create and edit labels | — | ✓ | ✓ | ✓ |
| Manage columns (create, rename, reorder) | — | — | ✓ | ✓ |
| Edit project settings | — | — | ✓ | ✓ |
| Invite and remove members | — | — | ✓ | ✓ |
| Change member roles | — | — | ✓ | ✓ |
| Manage workspace integrations | — | — | ✓ | ✓ |
| Delete workspace | — | — | — | ✓ |
Inviting members
Open Workspace Settings → Members → Invite. Enter the email address and select a role. The invitation expires after 7 days.
Invited users receive an email with a link to accept. If they don't have a Glacier account, they'll be prompted to create one first.
Changing roles
Admins and owners can change any member's role from Workspace Settings → Members. Owners can promote members to admin; only the owner can transfer ownership.
You cannot demote yourself if you are the only owner of a workspace.
Viewer mode
Viewer-role users see the full board and docs but all write controls are hidden — no create buttons, no drag handles, no edit menus. This makes Glacier suitable for sharing a project board with stakeholders or clients who need visibility without edit access.
MCP and roles
Claude connects to Glacier using an API key scoped to a specific user's identity and workspace. Claude's permissions are determined by the role of the user whose API key is in use.
If you connect Claude with an admin-role API key, Claude can create columns, update project settings, and invite members. If you use a member-role API key, Claude is limited to board and doc operations.
For most teams, connecting Claude with a member-role key is the right default.