Permission & Access Control

"Invite" is the consensus verb for adding people to a workspace, used by Figma, Slack, GitHub, Airtable, Atlassian, Asana, Linear, and Trello. Only Notion uses "Add members" instead. The distinction matters: "invite" implies the person has agency to accept or decline, while "add" implies the admin is placing them directly.

Almost every system separates its member list into meaningful segments. GitHub has the deepest segmentation with 6 sidebar sections including a dedicated "Failed invitations" section for debugging delivery issues. Asana is the only system with a "Removed" tab, keeping a record of deprovisioned users. Airtable separates "Collaborators" from "Pending invites" at the workspace level. For compliance, 4 of 10 systems offer CSV export: Slack, GitHub, Airtable, and Linear. Asana adds CSV import for bulk onboarding.

Airtable shows "5 editors, 50 commenters" with usage bars on its collaborator settings page. Asana displays "1 of 2 members invited. Upgrade to add more members." Trello shows a "1/10" collaborator count with an upgrade prompt. The remaining 7 systems hide seat limits from the member list entirely, surfacing them only in billing settings.

The simplest permission model is Linear's 2-tier system (Admin and Member), while Asana has the most complex at 8 tiers spanning org and resource levels. The median across all 10 systems is 6 tiers. Figma, GitHub, Atlassian, and Notion each have 7 tiers but structure them differently: Figma ties roles to billing (Full at $20/mo, Dev at $15/mo), while GitHub splits 2 org roles from 5 repo roles.

The majority of systems separate org-level roles (controlling workspace access) from resource-level roles (controlling what you can do with a specific file or project). Only Slack and Linear use flat org-level roles, meaning your workspace role determines everything — you cannot grant someone "Editor" on one project but "Viewer" on another. This forces over-permissioning, giving everyone broad access to avoid blocking people. GitHub demonstrates the strongest two-layer model: 2 org roles (Owner, Member) paired with 5 repo roles (Admin, Maintain, Write, Triage, Read).

Trello, Figma, Slack, and Airtable offer shareable invite links alongside email invitations. Trello shows "Invite with link" as a secondary option with the collaborator limit ("1/10") visible. Figma offers both email and link tabs in the same modal with configurable permission levels per link. Airtable adds a domain restriction option to its invite links, limiting access to specific email domains.

Share dialogs follow a consistent three-tier visibility model: restricted (only people invited), organization-wide (everyone at the workspace), and public (anyone with the link). Notion labels these "Only people invited," "Everyone at casestudyclub," and "Anyone on the web with link." Every system defaults to the most restrictive tier. No system defaults to public or org-wide access.

Of the 7 systems with access-denied surfaces, 4 offer actionable recovery paths: request access, switch accounts, or contact an admin. The remaining 3 leave users at a dead end with no way to self-resolve. Notion provides the strongest pattern: a "Request access" button, a "Back to my content" escape, and the logged-in account displayed at the bottom. Airtable is the worst offender, showing only "Sorry, we were unable to accept the invite" with no CTA, no explanation, and no next step. Dead-end denied pages generate avoidable support tickets.

GitHub, Slack, Linear, Airtable, and Asana offer no way for a blocked user to request access. If you lack permission, your only option is to contact someone outside the product via email, Slack DM, or walking to their desk. Of the 5 systems that do have request flows (Figma, Notion, Dropbox, Trello, Atlassian), 4 show the logged-in account and offer account switching on the request page.

Six of 9 systems use "Remove" as the primary verb for revoking someone's access. Notion uses "Continue," Slack uses "Deactivate," and Linear uses "Confirm." "Continue" is the worst offender because it is the standard CTA for proceeding through a multi-step flow, not for removing someone. "Confirm" is equally vague because it does not describe the action being confirmed. GitHub takes the best approach by embedding the username in the CTA itself: "Remove haalandjan from this repository," eliminating any ambiguity about who is being removed.

The dominant pattern for presenting roles is a dropdown where each option includes a 1 to 2 sentence capability description. GitHub shows 5 repo roles (Read, Triage, Write, Maintain, Admin) each with a clear one-sentence summary. Slack and GitHub are the only 2 systems that also offer a full permission matrix with all roles as columns and permissions as rows. Atlassian is alone in using group-based assignment.

Linear is the only system that uses technical language ("Authentication error") as its access-denied headline. Users do not think in HTTP status codes or auth protocols. The word "authentication" sounds like something is broken, not that they lack permission. Notion uses "No access to this page" and Asana uses "It looks like you don't have access to this," both of which explain the situation in plain language.