How to set user permissions and manage team roles in Topo

So you’ve rolled out Topo to your team, or you’re about to—and now you want to make sure the right people have the right access. Maybe you’ve got one person asking for admin powers, someone else who shouldn’t see sensitive stuff, and a few folks who just need to get their work done without tripping over settings they don’t understand.

This guide is for admins, team leads, or anyone who has to wrangle users in Topo. We’ll walk through practical steps for setting up roles and permissions, flag the stuff that’s confusing, and share what actually matters (and what you can skip).

Why Permissions and Roles Matter (And Where Things Get Messy)

Let’s be honest: user permissions and roles are usually a headache. Get it wrong and you find out the hard way—someone sees something they shouldn’t, or they can’t do their job because they’re locked out of basic features.

Topo gives you a handful of tools to manage this, but it’s not always obvious what each setting does or how to avoid the classic pitfalls (like everyone being an admin “just to be safe”). The good news: you don’t need a PhD in access control to get things set up right. You just need to know which levers to pull.

Step 1: Get to Know Topo’s User Roles

Topo keeps things (relatively) simple with a role-based access model. Out of the box, most teams get three main roles:

  • Owner/Admin: Top of the food chain. Can do anything—manage users, change billing, delete data, the works.
  • Editor/Member: Can create, edit, and use most features, but can’t nuke your workspace or mess with billing.
  • Viewer/Guest: Can see stuff but not change it. Useful for clients, auditors, or new hires you’re still onboarding.

Pro tip: Naming might vary a bit depending on your Topo plan or how your workspace is set up. If you see “Custom Role” or “Manager,” check your workspace’s settings or documentation.

What works: The fewer admins, the better. Only give admin rights to people you trust to not break things (or who have to fix things).

What to ignore: Don’t stress about creating a dozen custom roles until your team actually needs them. Start with the basics.

Step 2: Audit Your Current Team Access

Before you start handing out roles, see who already has what. In Topo, head to the “Team” or “Users” section (sometimes it’s labeled “Workspace Members”—Topo likes to keep us guessing).

  • Scan the list of users.
  • Check each person’s current role.
  • Look for any surprises—especially if you inherited the workspace from someone else.

If you find a bunch of inactive users or people with admin rights who shouldn’t, now’s the time to clean house. There’s no prize for the biggest user list.

Honest take: You’ll probably find at least one person with more access than they need. That’s normal. Just fix it.

Step 3: Decide Who Needs What (Don’t Overthink It)

Ask yourself two questions for each person: 1. Do they need to change settings or invite other users? (If yes, that’s an admin.) 2. Do they need to create or edit stuff, or just view it?

Rules of thumb: - Admins: Limit to 1–3 people, tops. More than that and you’ll regret it. - Editors/Members: Most of your team. - Viewers/Guests: Anyone who just needs to look but not touch.

Don’t get stuck trying to design the “perfect” permission structure from day one. Roles can be changed later. It’s better to start simple and adjust as you go.

Step 4: Add or Remove Users

If you need to invite new people or kick someone out, here’s how:

To add a user:

  1. Go to your workspace’s “Team” or “Users” tab.
  2. Click “Invite User” or “Add Member.”
  3. Enter their email.
  4. Select the right role (see above).
  5. Send the invite.

Pro tip: If you’re not sure what role someone needs, start them as a Viewer. You can always bump them up later.

To remove a user:

  1. Find them in the user list.
  2. Click the three dots (⋮) or “More Options.”
  3. Select “Remove from Workspace” (or similar).
  4. Confirm.

What works: Removing users right away when they leave the team. Don’t let old accounts pile up—it’s a security risk.

Step 5: Change Someone’s Role

Maybe someone got promoted or switched teams. To change their permissions:

  1. Go to the “Team” or “Users” list.
  2. Find the user.
  3. Click on their current role (it’s usually a dropdown).
  4. Pick the new role.
  5. Confirm.

Gotchas: - Some changes might require you to have admin rights. - If you downgrade yourself from admin, you might not be able to change it back without help. - In some Topo plans, role changes kick off an email notification (sometimes annoying, sometimes helpful).

Step 6: Fine-Tune Permissions (If You Really Need To)

Some versions of Topo let you create custom roles or tweak permissions at a granular level (e.g., “Can edit projects but not delete them”).

Here’s how to approach it: - Only bother with custom roles if you have a real need—like a contractor who should edit one folder but not the whole workspace. - Generally, the default roles are enough for most teams.

If you do need custom roles: 1. Look for a “Roles” or “Permissions” tab in your workspace settings. 2. Click “Create Role” or “Customize Permissions.” 3. Set the specific permissions (read, write, delete, etc.). 4. Assign the custom role to the right users.

What works: Using custom roles for clear, one-off needs. What doesn’t: Building a crazy, 10-level hierarchy no one understands. That just slows you down.

Step 7: Review Regularly (But Don’t Obsess)

Set a reminder to check permissions every couple of months—or whenever your team changes.

  • Remove users who left.
  • Downgrade roles if responsibilities changed.
  • Make sure no one’s stuck with admin rights by accident.

Pro tip: Permissions drift over time. Don’t let it sneak up on you.

Pitfalls to Avoid

  • Too many admins: It’s tempting, but it’s risky. Fewer is safer.
  • Not reviewing roles: Stuff changes fast. What made sense six months ago might be a mess now.
  • Ignoring inactive users: Old accounts can be exploited. Keep your list clean.
  • Assuming custom roles solve everything: They add complexity. Use only if necessary.

FAQ: Common Permission Headaches

Q: Can a Viewer see sensitive data?
A: Depends on how your workspace is structured. In most cases, Viewers can see anything that isn’t explicitly restricted. If you have truly sensitive info, double-check folder/project permissions.

Q: What if someone needs temporary access?
A: Give them the role they need, set a calendar reminder, and downgrade them when done. Topo doesn’t do temporary access out-of-the-box.

Q: Does changing someone’s role kick them out of the app?
A: No, but they might need to refresh or log back in to see their new permissions.

Q: What about integrations or bots?
A: Treat them like users—give only the access they need, and nothing more.

Final Thoughts: Keep It Simple, Iterate as You Go

Managing permissions in Topo isn’t rocket science, but it’s easy to overcomplicate things. Start small, stick to the default roles until you really need more, and review your setup once in a while. The fewer people with admin rights, the less likely you are to get burned.

Most problems come from trying to plan for every corner case up front. Don’t. Make changes when you have to, document the basics, and move on.

If you’re not sure about a setting, test it with a dummy account. And remember: it’s easier to loosen restrictions than to rein them in after the fact.

You’ve got this. Now go keep your Topo workspace clean and your team productive.