Credential scope
Scope answers "who can use this credential in their workflows?" Three levels: Personal, Workspace, Organization.
πΈ Screenshot needed:
credentials__scope-picker.png, Credential dialog showing three radio options: Personal / Workspace / Organization, each with a short description and an "Active scope" note.
The three scopes
Personal
Only you can pick this credential in node inspectors. Other members of your workspace can't see it.
When to use:
- Your own personal accounts (your individual GitHub PAT, your own OpenAI key) that shouldn't be shared.
- Experimentation. Try things out without affecting teammates.
Workspace
Everyone in this workspace can use the credential. Shared visibility, shared access.
When to use:
- Production service accounts (Slack bot user, transactional email account, the company's Stripe key).
- Anything two or more teammates need to share.
This is the default and right answer for most production credentials.
Organization
Everyone in every workspace in your organization can use the credential.
When to use:
- Truly org-wide resources (a single Salesforce production org used by every workspace).
- Single-sign-on integrations.
Only available on Enterprise plans.
Choosing a scope
| You're storing⦠| Scope |
|---|---|
| Your own personal OAuth to a SaaS | Personal |
| The shared bot token for your team's Slack | Workspace |
| The corporate Salesforce admin API key | Organization (or Workspace, if only one workspace uses it) |
| A short-lived test API key while building | Personal |
| The org-wide SSO IdP credentials | Organization |
If unsure, pick Workspace, broad enough to share with teammates, narrow enough to not bleed across organisation boundaries.
Changing scope
Edit the credential β change the Scope radio β Save.
- Narrowing (Org β Workspace, Workspace β Personal) is safe: workflows that referenced the credential and live in the narrower scope keep working; everywhere else breaks immediately.
- Widening (Personal β Workspace) is also safe: no workflow loses access.
Always click Test after a scope change to confirm the credential still works.
Permissions and scope
Credential scope is independent of role permissions (Roles & permissions). Even with a Workspace credential, a workspace Viewer can use the credential in a workflow they have access to, but can't edit or delete the credential itself (only Admins and Owners can do that).
| Role | Can use a Workspace credential | Can edit / revoke / rotate it |
|---|---|---|
| Viewer | β (within workflows they can view) | β |
| Editor | β | β |
| Admin | β | β |
| Owner | β | β |
Tips & gotchas
- Personal credentials are tied to your user. If you leave the organisation, your Personal credentials are deactivated. Move team-critical credentials to Workspace scope before that happens.
- Org-scope credentials cross workspace boundaries, a workspace that should have been isolated for compliance (e.g. customer-data tenant) suddenly has access to a credential that shouldn't reach it. Use with care.
- Audit log records every use of a credential, including which workflow and which run. Useful for forensics if a credential is misused.
- Scope can't be set on Flero's own API keys, those are always at organization or workspace level by default, depending on where you generated them.
Related
Found something out of date? This page lives in the Flero docs content set.