What is the problem or goal you're trying to solve or accomplish?
Customers want to ensure the “Request Access” approval flow follows least-privilege by default. Specifically, when a Team Admin approves an access request to a workspace asset, the granted role should not default to “Primary Contributor” if the team’s default workspace role is set to something more restrictive (e.g., “Dashboard Interactor”). Ideally, admins should be able to choose the role at approval time to prevent accidental over-permissioning and reduce risk of unintended data exposure.
How are you solving it currently?
Manually managing permissions/invites after the fact (e.g., approving then downgrading role, or inviting users explicitly with the correct role).
Considering disabling the access-request flow entirely to avoid “one-click over-grant” risk, at the cost of adding friction and extra admin work for legitimate access requests.
What is your recommended solution?
At minimum: The access-request approval flow should respect the Team-level default workspace role (so the email and approval action grants the configured default, not “Primary Contributor”).
Preferred: When a Team Admin clicks “Approve Access,” they should be able to select the workspace role to grant (or have an “Approve as default role” + “Approve with different role” option).
Optional enhancement: Allow teams to configure/lock what role is used for access requests (e.g., only allow “Dashboard Interactor” via this flow), reducing the risk of accidental data leakage.
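
The three tiers of the recommendation above, sketched as one approval-time role resolver. This is an added example, not the product's code: the function, class and field names are hypothetical, and the numeric ranking of the two roles named in the request is an assumption.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Assumed privilege ordering (higher = broader). Only these two role names
# appear in the request; the ranks themselves are constructed for illustration.
ROLE_RANK = {"Dashboard Interactor": 1, "Primary Contributor": 2}


class ApprovalDenied(Exception):
    """Raised when an approval would grant a role the team policy forbids."""


@dataclass(frozen=True)
class TeamPolicy:
    default_workspace_role: str
    # Optional lock: roles that may be granted through the request flow.
    # None means no lock is configured.
    allowed_request_roles: Optional[FrozenSet[str]] = None


def resolve_granted_role(policy: TeamPolicy, chosen_role: Optional[str] = None) -> str:
    """Return the role to grant when a Team Admin approves an access request.

    With no explicit choice the team default is used ("Approve as default role"),
    never a hard-coded broader role. An explicit choice models
    "Approve with different role". A configured lock is enforced last and
    fails closed.
    """
    role = policy.default_workspace_role if chosen_role is None else chosen_role
    if role not in ROLE_RANK:
        raise ApprovalDenied(f"unknown role: {role!r}")
    allowed = policy.allowed_request_roles
    if allowed is not None and role not in allowed:
        raise ApprovalDenied(f"{role!r} may not be granted via access requests")
    return role


def exceeds_default(policy: TeamPolicy, role: str) -> bool:
    """True when the grant is broader than the team default, so the approval
    can require explicit confirmation and be recorded for audit."""
    return ROLE_RANK[role] > ROLE_RANK[policy.default_workspace_role]


if __name__ == "__main__":
    team = TeamPolicy(default_workspace_role="Dashboard Interactor")
    print(resolve_granted_role(team))  # one-click approve uses the team default
    print(exceeds_default(team, "Primary Contributor"))
```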