August 2025, Cue North. [email protected]
Cue North helps healthcare organizations design smarter systems and simpler digital tools with modern platforms and automation.
Introduction
As Airtable usage grows within an organization, more people are interacting with critical data every day. Without clear guardrails, this can lead to data integrity issues, accidental changes, or unauthorized access. To safeguard accuracy and ensure Airtable scales effectively, consistent governance is essential.
Who should use this guide
- Client Admins / Workspace Owners: to oversee account governance and role assignments
- Interface-only Users: to understand how to safely interact with Airtable data
- Cue North: to provide technical support, governance, and strategic oversight
What to do with this information
- Review all current user roles and permissions in your Airtable enterprise workspace and individual bases
- Adjust access so most users are Interface-only by default
- Limit Creator/Editor roles to only those who require schema-level control
- Implement the best practices outlined here as soon as possible to prevent future risks and maintain long-term data quality
Airtable Roles
Definitions
Airtable permissions determine how much control each user has. Understanding them is essential for maintaining data security and accuracy.
- Workspace Owner
- Manages billing and the enterprise account
- Can invite/remove members and assign admin rights
- Has access to audit logs and SSO/security settings
- Workspace Admin
- Manages workspace members and role assignments
- Controls workspace-level settings
- Base Creator
- Full base control: add/edit tables, fields, views, automations, and interfaces
- Can delete schema elements (high risk if misused)
- Base Editor
- Can add, edit, and delete records
- Cannot modify schema, automations, or permissions
- Commenter
- Can view data and comment on records
- Cannot edit or create data
- Read-only
- Can view data only, no comments or edits
- Interface-only
- Interacts only through Interfaces (forms, dashboards, workflows)
- Cannot open or edit raw tables or views
Cheat Sheet
| Role |
Permissions |
Who Should Have It |
Tips |
| Workspace Owner |
Manage billing, enterprise account, SSO, audit logs, invite/remove members, assign admins |
Client leadership |
|
| (1–2 max) |
Keep ownership internal; never assign to external partners; rotate only if business ownership changes |
|
|
| Workspace Admin |
Manage user roles, invite/remove users, assign base-level permissions, control workspace settings |
Client Admins |
|
| (IT, Ops, leadership) |
Review permissions quarterly; default new users to Interface-only; minimize number of workspace admins |
|
|
| Base Creator |
Full base control (schema, fields, views, automations, interfaces, deletions) |
Cue North + small client governance group |
Keep to <5 trusted users; always test changes in sandbox; document schema changes |
| Base Editor |
Add, edit, delete records; cannot change schema |
Rare |
|
| (select client Admins if necessary) |
Avoid for general staff (they should use Interfaces); monitor for errors |
|
|
| Commenter |
View + comment, no edits |
Advisors, stakeholders, external reviewers |
Use when feedback is needed but no edits required |
| Read-only |
View only, no comments or edits |
External auditors, leadership for visibility |
Good for compliance and oversight |
| Interface-only |
Interact only through Interfaces; cannot see/edit raw tables |
Most staff (default role) |
Prevents accidental edits; ensures structured entry; train on interfaces |
Best Practices by Role
1. Client (Workspace Owner & Admin)
The client owns the Airtable enterprise workspace and has ultimate responsibility for account governance.
Governance & Permissions
- Manage workspace billing, SSO, and enterprise-level security
- Invite/remove users and assign roles (default: Interface-only)
- Limit Creator/Editor roles and review permissions quarterly
- Approve major schema or process changes before deployment
Security & Sharing
- Enforce interface-first policy for all staff
- Disable base-level sharing unless necessary
- Use protected or domain-restricted links for external sharing
- Remove old or unused share links
Backups & Recovery
- Ensure Cue North or Admins configure automated backups (CSV + attachments)
- Review quarterly backup status and test recovery procedures
Compliance & Oversight
- Retain Workspace Owner status internally (not external partners)
- Act as escalation point for permission or access disputes
2. Interface-only User (most client users)
Interface-only users interact with Airtable exclusively through guided Interfaces. Their focus is accurate, structured data entry and safe collaboration.
Data Entry & Accuracy
- Always use assigned Interfaces (forms, dashboards) for updates
- Follow dropdowns, checkboxes, and validation prompts as designed
- Search before creating new records to avoid duplicates
- Complete all required fields before submitting
Security & Permissions
- Do not request base-level access unless approved
- Never share interface links externally without authorization
- Do not download or export data unless explicitly permitted
Collaboration & Communication
- Use record comments to flag issues or questions
- Report errors, duplicates, or confusing interfaces to Admins
- Follow naming/tagging conventions consistently
Accountability
- Be deliberate when editing; all actions are logged
- Ask Admins for help instead of making unapproved changes
3. Cue North (Super Admin / Technical Partner)
Cue North serves as the technical authority and partner, with responsibility for schema design, automations, integrations, and governance support.
System Architecture
- Design and document schema for scalability
- Define naming conventions for tables, fields, automations
- Segment bases by business domain and use synced tables for shared data
Automations & Integrations
- Build, test, and maintain automations inside Airtable
- Use Zapier/Make/API for high-volume or complex workflows
- Document all automations and dependencies