Members and roles
Linear provides several role types to help you control access and permissions across your workspace. Each role gives team members the right level of access—from full administrative control to limited guest visibility.
Overview
Administrative roles can manage workspace members and their from Settings > Administration > Members. This page lists all active and suspended members and allows filtering by role or status (Pending invites, Suspended, or users who have left the workspace).
On Enterprise plans with SCIM enabled, some or all member management will be accomplished through your IdP instead of the Members settings page.
Managing User Roles
Changing a Member's Role
To update a user’s role:
- Go to
- Hover over a member’s row
- Click the overflow menu (⋯)
- Select the Change role...
Viewing Workspace Admins
Any member who needs to quickly identify workspace administrators can:
- Open Command menu Cmd/Ctrl K and select View workspace admins
- Navigate directly to linear.app/settings/view-admins
Suspending Members
Administrative roles can suspend a member from the workspace:
- Go to Settings > Administration > Members
- Hover over a member’s row
- Click on the overflow menu (⋯)
- Select Suspend user...
Suspended users lose all access immediately and are removed from your next billing cycle. They remain visible in the members list for historical purposes—for example, when viewing issues they created or were assigned to.
To view issue activity for a suspended user, visit their profile page at:linear.app/<workspace-name>/profiles/<username>
Admins can access this link from the user’s avatar or by filtering the Members page for Suspended users.
Role types
Owners
The workspace owner role is only available on Enterprise plans
Workspace owners have full administrative control, including access to the most sensitive settings such as billing, security, audit log, workspace exports, and approvals and team access management for OAuth applications. Admins in these workspaces, by contrast, have more limited permissions—ideal for routine workspace management.
In workspaces that need more flexibility, workspace owners can configure which roles can perform certain workspace-level actions via Settings > Administration > Security under the "Workspace restrictions" section.
Workspaces with brand new SCIM setups should create a linear-owners group to manage workspace owners, in addition to any other role groups described here. If you are upgrading an existing workspace that uses SCIM to the Enterprise plan, please look at the section below to understand what actions you need to take.
Changes when upgrading to the Enterprise plan
Upon moving an existing workspace from a non-Enterprise plan to the Enterprise plan:
- All current admins are automatically upgraded to workspace owners
- The new, limited workspace admin role becomes available
- Regular members and guest users remain unchanged
Workspace owners can now assign users to the new admin role as needed.
Migrating from admins to owners with SCIM
If your workspace has SCIM enabled and is currently managing permissions via linear-admins:
- The group will now control workspace owners, not admins
- All users in
linear-adminswill become owners - The group name itself will not change automatically
If you want to start managing admins as well, you can do one of the following:
Option 1: Rename the admins group
Only use this option if your Identity Provider supports syncing group name changes, e.g., via Okta’s “Rename app groups to match group name in Okta” setting.
If your IdP does not support this—or you'd prefer not to enable this setting—skip ahead to the second option.
- Rename the
linear-adminsgroup tolinear-ownersin your IdP - Create a new
linear-adminsgroup and push it to Linear - Move users who should be admins from
linear-ownersinto the newlinear-adminsgroup
Option 2: Re-link the admins group
Use this option if your IdP does not support syncing group name updates
- Create a new group called
linear-owners - Unlink the existing
linear-adminsgroup from Linear in your IdP - Move intended owners from the old
linear-adminsgroup into the newlinear-ownersgroup - Push both
linear-adminsandlinear-ownersgroups to Linear
Admin
Admins have elevated permissions to manage routine workspace operations. This role is well-suited for managers, team leads, and operations-focused members.
Free plan behavior:
All workspace members become admins automatically.
Basic and Business plan behavior:
The user who upgrades the workspace is granted the admin role.
Enterprise plan behavior:
Admins will have limited permissions.
Member
Members can collaborate across teams they have access to and use all standard workspace features. They cannot access workspace-level administration pages
Guest
Guest accounts are only available on Business and Enterprise plans.
Guest accounts grant restricted access to specific teams only—ideal for contractors, clients, or cross-company collaborators.
Guests can:
- Access issues, projects, and documents for the teams they are explicitly added to
- Take the same actions as Members within those teams
Guests cannot:
- View workspace-wide features such as workspace views, customer requests, or initiatives
- Access settings beyond their own Account tab
Sharing projects with guests
If a project spans multiple teams:
- Guests will only see issues belonging to the teams they’re part of
- They will still see the project shell, but only with their allowed team’s issues visible
Integration security
Integrations enabled for the workspace will be accessible to guest users, which could potentially allow them to access Linear data from teams outside those they're invited to join. To prevent data leakage:
- For Linear-built integrations (GitHub, GitLab, Figma, Sentry, Intercom, Zapier, Airbyte): Ensure guest users don't have access to your accounts on those services
- For integrations requiring email authentication (Slack, Discord, Front, Zendesk): These should automatically limit access to only issues and data in invited teams
- For third-party integrations: review access individually or contact the integration provider in the Integrations directory.