Skip to content

User Roles

1.0 Enterprise Edition

In SeaTable Enterprise Edition (SeaTable EE), a user's permissions are determined by the role assigned to the user.

SeaTable has two standard roles. Additionally, extra roles can be created for more fine-grained permission management. All changes relating to the SeaTable's roles are done in the configuration file

NOTE: Admin privileges are not part of the user role.

Available Permissions

The following permissions are supported/deleted in the latest SeaTable version:

Permission Added in version Deleted in version Description Additional information
can_add_dtable 1.0 Permission to create bases.
can_add_group 1.0 Permission to create groups. The user creating a group becomes automatically the group's owner. The permission can_add_dtable is necessary to create bases inside a group.
can_use_global_address_book 1.0 Enables autocomplete of names and emails of other users in the system. If cloud_mode = True in, autocomplete is disabled for personal accounts and autocomplete is enabled inside teams.
can_generate_external_link 1.0 Permission to create external links.
can_generate_share_link 1.0 2.6 Permission to create invite links. Deprecated because of redundancy with can_generate_external_link.
role_asset_quota 1.0 Storage quota for files and images inside a user's bases. '1G' means a storage quota of one gigabyte; an empty value '' means no storage quota. Files in shared bases owned by other users do not count against the user's storage quota.
row_limit 1.0 Row limit for all bases of the user. 10000 means a limit of 10,000 rows; -1 means no row limit. Rows in shared bases owned by other users do not count against the row limit. Archived rows does not count against the limit either.
can_create_common_dataset 1.0 Permission to create common datasets (CDS). If set to False, the user cannot create CDS, but the user can access existing CDS.
can_use_advanced_permissions 1.1 Permission to use advanced permissions. Advanced permissions include table permissions, column permissions, view share, custom sharing permissions, row locking.
can_use_advanced_customization 2.0 Permission to use advanced security customizations. Advanced customization includes base security settings.
can_run_python_script 1.4 Permission to run Python scripts. The execution of Python scripts requires the installation of Python Pipeline.
snapshot_days 2.1 Retention period for snapshots in days. 180 (without quotes) means a storage period of 180 days; no value means an unlimited retention period. Snapshots older than the retention period are automatically removed.
can_use_external_app 2.2 Permission to use external apps. If set to False, the menu is not shown.
can_use_automation_rules 2.2 Permission to create and run automation rules.
scripts_running_limit 2.3 Number of Python scripts a user can run within a month. 100 (without quotes) means 100 script runs per month; -1 (without quotes) means unlimited script runs. The script run counter is reset at the beginning of every month. Only visible if can_run_python_script = True and Python Runner is available.
can_schedule_run_script 2.3 Permission to schedule the execution of Python scripts. The permission can_run_python_script is also necessary to automatically run Python scripts.
can_archive_rows 2.3 Permission to archive rows. If set to False, the user cannot archive rows and cannot create archive views.
big_data_row_limit 3.1 Row limit in big data storage for all bases of a team. Similar as 'row_limit' mentioned above This item is used for the role of teams rather than users. If not set, default is no limit

Standard Roles

The two standard roles defaultand guestare defined as follows:

    'default': {
        'can_add_dtable': True,
        'can_add_group': True,
        'can_use_global_address_book': True,
        'can_invite_guest': False,
        'role_quota': '',
        'role_asset_quota': '',
        'row_limit': -1,
        'can_create_common_dataset': True,
        'can_generate_external_link': True,
        'can_run_python_script': True,
        'can_schedule_run_script': True,
        'scripts_running_limit': -1,
        'can_use_advanced_permissions': True,
        'can_use_advanced_customization': True,
        'can_use_external_app': True,
        'can_use_automation_rules': True,
        'snapshot_days': 180,
        'share_limit': 100,
        'can_archive_rows': True,
        'big_data_row_limit': -1
    'guest': {
        'can_add_dtable': False,
        'can_add_group': False,
        'can_use_global_address_book': False,
        'can_invite_guest': False,
        'role_quota': '',
        'role_asset_quota': '',
        'row_limit': -1,
        'can_create_common_dataset': False,
        'can_generate_external_link': False,
        'can_run_python_script': False,
        'can_schedule_run_script': False,
        'scripts_running_limit': -1,
        'can_use_advanced_permissions': False,
        'can_use_advanced_customization': False,
        'can_use_external_app': False,
        'can_use_automation_rules': False,
        'snapshot_days': 30,
        'share_limit': 100,
        'can_archive_rows': False

If you want to edit the standard roles, copy the above codeblock to dtable_web_settings.pyand modify as per your needs. Restart SeaTable for the changes to take effect.

Custom Roles

You can add extra roles by extending the codeblock in

To add a role employee, for example, add the following lines (beginning at 'employee' and ending at }, ) to the existing role definition.

    'employee': {
        'can_add_dtable': True,
        'can_add_group': False,
        'can_create_common_dataset': False

Restart SeaTable for the new role to become available in SeaTable.