Security and data · 3 min
User roles and access
The four workspace roles — owner, reviewer, viewer, and external attester — and what each can do.
Help baseline: 2026-06-15
Four workspace roles
DefenceFile has four roles. Each role grants a different set of permissions in the workspace. Roles are assigned at account setup — contact your account owner to change a role.
- Workspace owner — full read and write access, including board-pack export and sign-off.
- Compliance reviewer — can review and decide on evidence items; cannot export the board pack.
- Viewer — read-only access to the workspace and evidence register.
- External attester — zero-login access to submit an attestation via a scoped link; no workspace access.
What each role cannot do
Roles are restrictive by default — users can only see and act on data their role permits.
- Compliance reviewers cannot sign the board-pack attestation or export the final pack.
- Viewers cannot upload, review, or send evidence requests.
- External attesters cannot see any workspace data — they see only the pre-filled attestation form for their scoped link.
- No role can access another tenant's data.
Audit trail for all decisions
Every review decision, export, and attestation is recorded in the audit trail with the acting user's role, timestamp, and the event type. The audit trail is read-only and cannot be edited.
- The audit trail records who did what and when, not just what changed.
- Reviewer decisions include the role, the evidence item, and any note added at the time of review.
- The audit trail is exportable as a CSV from /audit.
Boundary
DefenceFile help explains workflow operation. It does not provide legal advice, create privilege, certify scope, certify reasonable procedures, or guarantee that a statutory defence will succeed.
Request pilot review