'%20fill='%23fff'%3e%3cpath%20d='M24%20364.337V24h141.909c25.481%200%2046.833%203.601%2064.056%2010.803%2017.222%207.191%2030.183%2017.279%2038.882%2030.24s13.049%2027.972%2013.049%2045.041c0%2012.961-2.72%2024.513-8.148%2034.645-5.429%2010.142-12.906%2018.534-22.431%2025.174-9.526%206.651-20.548%2011.299-33.069%2013.953v3.325c13.732.661%2026.451%204.383%2038.134%2011.134%2011.684%206.762%2021.077%2016.155%2028.168%2028.17%207.092%2012.025%2010.638%2026.231%2010.638%2042.628%200%2018.281-4.647%2034.601-13.952%2048.939-9.305%2014.35-22.762%2025.648-40.381%2033.908-17.607%208.248-38.992%2012.377-64.143%2012.377H24zm82.258-200.414h45.534c8.975%200%2016.947-1.497%2023.929-4.493s12.432-7.312%2016.374-12.961c3.931-5.65%205.902-12.466%205.902-20.439%200-11.409-4.041-20.384-12.135-26.926-8.082-6.53-18.995-9.801-32.738-9.801h-46.866v74.62zm0%20134.109h50.853c17.839%200%2030.987-3.381%2039.466-10.131%208.479-6.762%2012.708-16.178%2012.708-28.247%200-8.755-2.049-16.309-6.145-22.686-4.096-6.365-9.922-11.298-17.443-14.789-7.532-3.491-16.561-5.231-27.089-5.231h-52.339v81.095l-.011-.011zM388.865%2024v340.337h-81.256V24h81.256zm181.618%20230.159V109.082h81.091v255.255h-77.435v-47.529h-2.665c-5.649%2015.616-15.263%2028.004-28.829%2037.145-13.578%209.14-29.941%2013.71-49.102%2013.71-17.398%200-32.683-3.986-45.864-11.97-13.181-7.973-23.433-19.14-30.745-33.489s-11.023-31.165-11.133-50.437V109.082h81.256v146.739c.11%2013.854%203.766%2024.767%2010.968%2032.74s17.002%2011.96%2029.413%2011.96c8.082%200%2015.372-1.795%2021.847-5.407%206.486-3.601%2011.628-8.865%2015.45-15.781%203.821-6.927%205.737-15.318%205.737-25.174h.011zm224.376%20115.002c-26.704%200-49.718-5.286-69.044-15.869-19.337-10.583-34.181-25.703-44.532-45.371-10.362-19.668-15.537-43.069-15.537-70.215s5.208-49.445%2015.614-69.212c10.418-19.779%2025.096-35.174%2044.037-46.197s41.261-16.53%2066.962-16.53c18.17%200%2034.787%202.83%2049.851%208.48s28.08%2014.007%2039.048%2025.086%2019.501%2024.734%2025.591%2040.966%209.14%2034.81%209.14%2055.756v20.273H694.145v-47.199h146.226c-.11-8.633-2.159-16.342-6.145-23.104s-9.448-12.047-16.374-15.869-14.866-5.726-23.841-5.726-17.233%202.015-24.424%206.057c-7.202%204.052-12.906%209.537-17.112%2016.452-4.207%206.927-6.431%2014.757-6.652%2023.512v48.025c0%2010.417%202.049%2019.525%206.145%2027.332s9.911%2013.876%2017.454%2018.193c7.532%204.317%2016.506%206.486%2026.924%206.486%207.201%200%2013.731-1.002%2019.612-2.995%205.869-1.993%2010.912-4.923%2015.119-8.81%204.206-3.876%207.367-8.645%209.47-14.294l74.616%202.158c-3.105%2016.728-9.889%2031.264-20.361%2043.62s-24.182%2021.937-41.129%2028.743c-16.947%206.816-36.559%2010.219-58.825%2010.219l.011.033z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='A'%3e%3cpath%20fill='%23fff'%20transform='translate(24%2024)'%20d='M0%200h892v345.161H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
User Management API
Complete API reference for managing users, invitations, roles, and permissions in Blue workspaces and organizations
Overview
The User Management API provides comprehensive tools for managing team members, controlling access permissions, and organizing your workforce across Blue workspaces and organizations. Whether you’re adding new team members, managing existing users, or defining custom permission structures, these APIs handle all aspects of user lifecycle management.
User management in Blue operates at two levels:
- Workspace-level: Manage users within specific workspaces with workspace-specific permissions
- Organization-level: Manage users across your entire organization with organization-wide access
Available Operations
Core User Management
| Operation | Description | Link |
|---|---|---|
| Invite User | Send invitations to new users with specific access levels | View Details → |
| List Users | Query and filter users in workspaces or organizations | View Details → |
| Remove User | Remove users from workspaces or organizations | View Details → |
Role and Permission Management
| Operation | Description | Link |
|---|---|---|
| Custom Roles | Create and manage custom roles with granular permissions | View Details → |
Access Levels
Blue provides a hierarchical permission system with predefined access levels:
Standard Access Levels
| Level | Description | Capabilities |
|---|---|---|
| OWNER | Full control over workspace/organization | All permissions, can transfer ownership |
| ADMIN | Administrative access | User management, settings, billing |
| MEMBER | Standard team member | Full workspace functionality, limited admin access |
| CLIENT | External client access | Limited workspace visibility, focused on deliverables |
| COMMENT_ONLY | Comment-only access | Can view and comment, cannot edit |
| VIEW_ONLY | Read-only access | Can view content only |
Permission Hierarchy
Users can only invite or manage users at their level or below:
- OWNERS can manage all access levels
- ADMINS can manage ADMIN, MEMBER, CLIENT, COMMENT_ONLY, VIEW_ONLY
- MEMBERS can manage MEMBER, CLIENT, COMMENT_ONLY, VIEW_ONLY
- CLIENTS can only manage other CLIENTS
Key Concepts
User Invitations
- Email-based: Users are invited via email address
- Role assignment: Set access level and optional custom role during invitation
- Multi-workspace: Single invitation can grant access to multiple workspaces
- Expiration: Invitations expire after 7 days
- Automatic notifications: Blue sends email invitations automatically
Workspace vs Organization Access
- Workspace invitation: Grants access to specific workspace only
- Organization invitation: Grants organization-level access, optionally including specific workspaces
- Organization owners: Automatically get ADMIN access to all organization workspaces
- Scope restrictions: Cannot combine workspace and organization invitation parameters
Custom Roles
- Granular permissions: Define specific capabilities beyond standard access levels
- Workspace-specific: Custom roles are scoped to individual workspaces
- Field-level control: Control access to specific custom fields
- Action restrictions: Limit specific actions (create, edit, delete, etc.)
Common Patterns
Inviting a New Team Member
mutation InviteTeamMember {
inviteUser(input: {
email: "[email protected]"
projectId: "web-redesign"
accessLevel: MEMBER
})
}Creating an Organization-Wide Invitation
mutation InviteToCompany {
inviteUser(input: {
email: "[email protected]"
companyId: "company_123"
projectIds: ["project_1", "project_2", "project_3"]
accessLevel: ADMIN
})
}Listing Workspace Users
query ProjectUsers {
projectUsers(projectId: "web-redesign") {
id
user {
name
email
avatar
}
accessLevel
role {
name
permissions
}
invitedAt
joinedAt
}
}Removing a User
mutation RemoveProjectUser {
removeUser(input: {
userId: "user_456"
projectId: "web-redesign"
})
}Creating a Custom Role
mutation CreateCustomRole {
createProjectUserRole(input: {
projectId: "web-redesign"
name: "Content Reviewer"
permissions: {
canCreateRecords: false
canEditOwnRecords: true
canEditAllRecords: false
canDeleteRecords: false
canManageUsers: false
canViewReports: true
}
}) {
id
name
permissions
}
}Permission Management
Standard Permissions Matrix
| Action | OWNER | ADMIN | MEMBER | CLIENT | COMMENT_ONLY | VIEW_ONLY |
|---|---|---|---|---|---|---|
| Invite Users | ✅ All levels | ✅ ADMIN and below | ✅ MEMBER and below | ✅ CLIENT only | ❌ No | ❌ No |
| Remove Users | ✅ All users | ✅ ADMIN and below | ✅ MEMBER and below | ✅ CLIENT only | ❌ No | ❌ No |
| Modify Workspace Settings | ✅ Yes | ✅ Yes | ❌ No | ❌ No | ❌ No | ❌ No |
| Create Records | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Limited | ❌ No | ❌ No |
| Edit All Records | ✅ Yes | ✅ Yes | ✅ Yes | ❌ No | ❌ No | ❌ No |
| Delete Records | ✅ Yes | ✅ Yes | ✅ Yes | ❌ No | ❌ No | ❌ No |
| View Reports | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Limited | ❌ No | ❌ No |
Custom Role Capabilities
- Field-level permissions: Control access to specific custom fields
- Action-specific rules: Allow/deny specific operations (create, edit, delete)
- View restrictions: Limit which records users can see
- Feature toggles: Enable/disable specific features per role
Best Practices
User Onboarding
- Start with standard roles - Use predefined access levels for most users
- Progressive permissions - Begin with limited access, expand as needed
- Clear communication - Include context when sending invitations
- Regular reviews - Audit user access periodically
Security Considerations
- Principle of least privilege - Grant minimum necessary permissions
- Regular access audits - Review user permissions quarterly
- Offboarding process - Remove access immediately when users leave
- Custom role documentation - Document custom role purposes and limitations
Team Organization
- Consistent naming - Use clear, descriptive role names
- Role consolidation - Avoid creating too many similar custom roles
- Organization structure - Align permissions with organizational hierarchy
- Workspace inheritance - Consider how organization roles affect workspace access
Error Handling
Common errors when managing users:
| Error Code | Description | Solution |
|---|---|---|
USER_ALREADY_IN_THE_PROJECT | User already has workspace access | Check current user list before inviting |
UNAUTHORIZED | Insufficient permissions to perform action | Verify your access level and permissions |
PROJECT_NOT_FOUND | Workspace doesn’t exist or no access | Confirm workspace ID and access rights |
INVITATION_LIMIT | Reached invitation limit for billing tier | Upgrade plan or remove inactive users |
ADD_SELF | Cannot invite yourself | Use a different email or have another admin invite you |
COMPANY_BANNED | Organization account is suspended | Contact support to resolve account status |
Rate Limits
User management operations have the following rate limits:
- Invitations: 100 per hour per organization
- User queries: 1000 per hour per user
- Role modifications: 50 per hour per workspace
Related Resources
- Workspaces API - Managing workspaces that contain users
- Records API - Understanding how user permissions affect record access
- Automations API - Automating user management workflows
- Custom Fields API - Managing field-level permissions for custom roles