Permissions
CardBoard authorizes in two layers: the organization (workspace) and the board. Card actions inherit from the board — if you can update a board, you can edit its cards. There’s no separate card-level permission.
The tracker-sync rule
Section titled “The tracker-sync rule”This is non-obvious from the matrix alone: a guest with the board Editor role can edit cards — but gets a 403 on a tracker-linked card. State it explicitly when onboarding guests.
The same member-identity rule covers directing MCP agents: because an agent acts in your name, a guest can’t drive one — only members can.
Organization roles
Section titled “Organization roles”There are four tiers for permission purposes: Owner (billing), Admin, Member, Guest.
| Action | Who |
|---|---|
| View organization | Member/Admin (guests denied) |
| Create board | Member/Admin, within capacity |
| Use integrations | Member (not guest); available on every plan, including Free |
| View guests | Org admin only |
| Manage members / settings / transfer / reports | Admin or Owner |
| Manage billing, change plan, destroy org | Owner only |
Board roles
Section titled “Board roles”Board collaboration roles are Manager, Editor, Viewer, with workspace-admin override (an admin is always a manager).
| Action | Who |
|---|---|
| View board | Manager / Editor / Viewer, or guest with read token |
| Edit cards, dividers, outcomes, stickers | Manager / Editor |
| Edit a tracker-linked card | Manager / Editor and workspace member (billing active) |
| Manage collaborators / share / change tracker | Manager (or workspace admin) |
| Delete board | Manager or org admin — denied on Free plan |
| Export | Member (not guest) |
| Recover a deleted board | Manager or admin |
Layering
Section titled “Layering”Workspace admin always wins (implicitly a manager on every board). An explicit board role overrides the workspace-member default. Guests get only the board roles they’re explicitly granted. For the access model in practice, see Workspaces & access.