Roles & Permissions

Written By Vik

Last updated 5 months ago

Wauld is a collaborative platform that balances flexibility with security. Organizations often have multiple users working across accounts, workspaces, and engagements from administrators to designers to recipients. To ensure smooth collaboration while protecting sensitive data, Wauld uses a role-based access control (RBAC) system.

This article explains:

  • The role hierarchy in Wauld.

  • Detailed permissions granted to each role.

  • How permissions flow across accounts and workspaces.

  • What actions each role can and cannot perform.

Why Roles and Permissions Exist

  • Security – Protect organizational and recipient data from unauthorized changes.

  • Clarity – Ensure that each user only sees the tools relevant to their responsibilities.

  • Collaboration – Enable teams to work together without stepping on each other’s tasks.

  • Accountability – Provide clear audit trails.

The Hierarchy of Roles in Wauld

Permissions flow top-down. Higher roles can do everything the roles below them can, plus more. Lower roles are restricted to focused tasks.

Hierarchy Flow:

  1. Account Owner (highest authority)

  2. Workspace Admin

  3. Workspace User

  4. Designer

  5. Recipient

  6. Logged-in/Public User (limited verification/view-only access)

Roles

1. Account Owner

The Account Owner is the highest authority in Wauld. They control the organization-level settings and oversee all workspaces.

Key Abilities:

  • Create and delete accounts.

  • Manage organization details and verification.

  • Upload and delete organization assets (logos, backgrounds).

  • Manage billing and subscriptions.

  • Create and archive workspaces.

  • Invite or remove co-owners and manage workspace access.

  • Export user data and resend invites.

2. Workspace Admin

The Workspace Admin controls a single workspace but not the entire account. They manage day-to-day credential operations for that workspace.

Key Abilities:

  • Create, edit, and delete engagements.

  • Create, edit, and delete documents within engagements.

  • Issue credentials (bulk or individual).

  • Void, edit, or resend issued credentials.

  • Approve/reject recipient change requests.

  • Manage workspace users and roles.

Limitations:

  • Cannot archive the workspace.

  • Cannot modify account-level settings or assets.

3. Workspace User

The Workspace User role is designed for operational staff issuing credentials.

Key Abilities:

  • Create, edit, and delete engagements.

  • Create, edit, and delete documents within engagements.

  • Add and manage recipients.

  • Issue credentials (individual or bulk).

  • Approve/reject change requests.

Limitations:

  • Cannot update workspace settings.

  • Cannot manage other users.

  • Cannot create or archive workspaces.

4. Designer

The Designer role is specialized for users focused on visual and design tasks.

Key Abilities:

  • Create, edit, and delete engagements.

  • Create, edit, and delete documents within engagements.

  • Access the Design Studio.

  • Create and edit document templates.

  • Add attributes, signatures, and QR codes.

  • Modify fonts, colors, logos, and layouts.

Limitations:

  • Cannot issue credentials.

  • Cannot manage recipients.

  • Cannot approve or reject change requests.

5. Recipient

Recipients are the end-users; learners, employees, or participants; who receive credentials from issuers.

Key Abilities:

  • View and download issued credentials.

  • Share credentials via link, email, or LinkedIn.

  • Submit change requests (with documents if needed).

  • Manage their profile and password.

Limitations:

  • Cannot issue, edit, or manage credentials belonging to others.

  • Cannot access organizational settings.

6. Logged-in/Public User

These are individuals outside your account who access Wauld through credential links or the verification system.

Key Abilities:

  • View credential verification pages.

  • Confirm authenticity through the verification layer.

  • See issuer verification badges.

Limitations:

  • Cannot edit, issue, or manage credentials.

Permissions Breakdown

Here’s how permissions are distributed across roles:

  • Account Owner → Complete control (account + workspaces)

  • Workspace Admin → Full control at the workspace level

  • Workspace User → Issuing & recipient management only

  • Designer → Document design only

  • Recipient → Manage their own credentials

  • Public/Logged-in User → Verification only

Permissions Matrix

Action Area

Account Owner

Workspace Admin

Workspace User

Designer

Recipient

Public/Logged-in

Account Management

Create / Delete / Edit account, manage organization details & assets, initiate verification

View only

Workspace Management

Create, archive, unarchive, edit workspaces

Manage workspace details & users

View workspace, no edits

User & Role Management

Invite/remove co-owners, assign roles, export user data

Manage workspace users & roles

Engagements

Full control

Create, edit, delete engagements

Create & edit engagements

Create & edit engagements

Documents

Create, edit, delete documents

Create, edit, delete documents

Create, edit documents

Create & design documents only

Design Studio

Full design access

Full design access

Full design access

Full design access

Credentials – Issue

Issue credentials (bulk/individual)

Issue credentials (bulk/individual)

Issue credentials (bulk/individual)

Credentials – Manage

Edit, void, resend, republish

Edit, void, resend, republish

Edit, void, resend, republish

Change Requests

Approve/reject

Approve/reject

Approve/reject

Submit requests

Reports & Analytics

Download all reports (Engagement, Document, Published)

Download reports

Download reports

Credential Access

View all credentials

View credentials

View credentials

View credentials

View their own only

View shared credentials only

Verification

Verify own credentials

Verify shared credentials