Summary and recommendation
Airtable user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Airtable's admin panel (https://airtable.com/admin) gives admins a single place to invite, deactivate, and audit users across every app in the enterprise account. User management via the admin panel is available on Business and Enterprise Scale plans only.
The permission model is role-based and hierarchical - roles (Owner, Creator, Editor, Commenter, Read-only) are assigned at the workspace, base, or interface level, with workspace-level permissions cascading down unless overridden at the base level.
Seat type (Builder, Contributor, Viewer Restricted) is determined by the highest permission a user holds across every app they can access, and must be managed manually in the admin panel - it cannot be set via SSO or SCIM.
Quick facts
| Admin console path | Account menu (top-right) → Admin panel → Users |
| Admin console URL | Official docs |
| SCIM available | Yes |
| SCIM tier required | Business or Enterprise |
| SSO prerequisite | Yes |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Owner | Full control over workspace or base: manage collaborators, delete tables, create automations, manage interfaces, transfer ownership, configure billing. | Cannot remove themselves from a workspace where they are the sole owner without first transferring ownership. | All plans | Billable on Team ($20/user/mo annual, $24 monthly), Business ($45/user/mo annual, $54 monthly), Enterprise Scale (custom). | A user becomes an Owner (and thus a Builder seat) by creating a workspace or being granted Owner permission on any base/workspace, which can trigger an unintended seat upgrade. |
| Creator | Create/delete tables, create automations, create interfaces, manage field/table permissions, create invite links. Full data editing. | Cannot manage workspace billing or transfer workspace ownership. | All plans | Billable on Team and Business self-serve plans. Included in Enterprise Scale seat. | Sharing a base with Creator permissions to a Contributor-seat user will automatically upgrade that user to a Builder seat, increasing billing. |
| Editor | Edit records, add/delete/modify views, download data. At workspace level: invite Editors, Commenters, and Read-only users. | Cannot add/delete tables, create automations, create interfaces, or manage extensions. | All plans | Billable on Team and Business self-serve plans. Included in Enterprise Scale seat. | |
| Commenter | Add and view comments on records. Read-only access to base data. Can invite Commenters and Read-only users. | Cannot edit records, create views, create automations, or modify any base structure. | All plans | Billable on Team plans and Non-profit plans. Free (non-billable) on Business and Enterprise Scale plans. | On Business/Enterprise Scale, Commenters are non-billable, making them useful for stakeholder access without cost. |
| Read-only (Viewer) | View base data and automation configurations. Can invite other Read-only users. | Cannot edit records, comment, create views, or take any structural action. | All plans | Non-billable on all plans. | |
| Viewer (Restricted) | Non-billable read-only access. Cannot self-upgrade permission level. | Cannot upgrade their own seat type; can only be upgraded by an admin or service account. Cannot be assigned the User admin role. | Business and Enterprise Scale | Non-billable. | Viewer (Restricted) seat type must be set manually in the admin panel; cannot be provisioned via SCIM or SAML. |
| Super Admin / Org Unit Admin | Full access to all admin panel pages: Users, Groups, Workspaces, Bases, Interfaces, Settings, Roles, Billing. Can deactivate/reactivate users, transfer ownership, manage SSO, enforce 2FA. | Cannot deactivate their own account. Cannot revoke their own admin permissions. | Enterprise Scale (Super Admin); Business and Enterprise Scale (Org Unit Admin) | Requires a billable seat. | External users cannot be granted admin access. |
| User Admin / Integration Admin / Brand Admin | Scoped admin roles: User Admin manages users, licenses, groups, and workspace/base/interface permissions. Integration Admin manages integration settings. Brand Admin manages branding. | Cannot access admin panel pages outside their assigned role scope. Roles page is restricted to Enterprise Scale only. | Enterprise Scale | Requires a billable seat. | Multiple admin roles can be assigned to one user; permissions are additive. Custom admin roles are not available. |
Permission model
- Model type: role-based
- Description: Airtable uses a hierarchical, role-based permission model applied at three levels: workspace, base, and interface. Roles (Owner, Creator, Editor, Commenter, Read-only) are assigned per surface. Workspace-level permissions cascade to all bases within that workspace. Base-level permissions can be set independently and override workspace inheritance for specific users. Field-level and table-level editing permissions can be configured by Owners and Creators to further restrict which roles can edit specific fields or tables. Admin roles in the admin panel are a separate, predefined set of scoped administrative permissions.
- Custom roles: No
- Custom roles plan: Not documented
- Granularity: Workspace-level, base-level, interface-level, and field/table-level editing restrictions. No record-level permissions natively. Interface page layouts support user-filtered record visibility via user fields.
How to add users
- Navigate to https://airtable.com/admin.
- Click 'Users' in the left navigation.
- Click 'Invite users' in the upper-right corner.
- Enter the email address of the user to invite.
- Search for or select the workspace, base, interface, or group to add them to.
- Click the dropdown icon next to the selected surface and choose a permission level.
- Optionally add a personalized message.
- Click 'Send invitations'.
Required fields: Email address, Target workspace, base, interface, or group, Permission level
Watch out for:
- Admin panel invite is only available on Business and Enterprise Scale plans.
- Enterprise admins can send up to 1,000 simultaneous invitations; Business plan admins are limited to 50.
- If domain verification is enabled, invited email addresses must match an allowed domain configured in the admin panel.
- Users already collaborating in the enterprise ecosystem auto-accept invitations to new bases or workspaces.
- External users (off-domain) cannot be granted admin access.
- Seat type (e.g., Viewer Restricted) cannot be set via SCIM or SAML; must be set manually in the admin panel after provisioning.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | No | Not documented |
| Domain whitelisting | Yes | Automatic domain-based user add |
| IdP provisioning | Yes | Business (user SCIM); Enterprise Scale (user and group SCIM) |
How to remove or deactivate users
- Can delete users: No
- Delete/deactivate behavior: Admins cannot delete users from the admin panel user list. Deactivating a user prevents them from logging into Airtable. Removing access only strips workspace and base privileges while still allowing the user to log in and create their own workspaces and bases. Deactivated users remain visible in the admin panel user list and can be filtered out but not removed from the list.
- Navigate to https://airtable.com/admin.
- Click 'Users' in the left navigation.
- Search for or locate the user to deactivate.
- Click the '...' (ellipsis) icon next to the user's name.
- Click 'Deactivate / Remove access'.
- Click 'Deactivate / Remove access' again to confirm.
- For bulk deactivation: select checkboxes next to multiple users, click 'Actions' in the top-right, then select 'Deactivate / Remove access'.
| Data impact | Behavior |
|---|---|
| Owned records | Deactivated users retain ownership of their bases and workspaces. Bases and workspaces remain intact and accessible to other collaborators. Deactivated user-owned content does not count toward the organization's usage limits. |
| Shared content | Workspace is unaffected when an owner is deactivated, provided at least one additional owner exists. If the deactivated user is the sole owner with no other collaborators, the workspace becomes inaccessible until the owner is reactivated or another owner is assigned. |
| Integrations | Automations using external accounts (Google, Slack, etc.) will fail and must be reconfigured by another collaborator. Synced tables created by the deactivated user will stop syncing and require reconnection. Emailed data sync integrations continue to function but cannot be transferred to a new owner. |
| License freed | Removing a billable collaborator mid-billing cycle does not reduce the current invoice. The freed seat remains available for reassignment until the end of the current billing cycle. The seat is not billed at the next renewal. |
Watch out for:
- An admin cannot deactivate their own account.
- An admin cannot revoke their own admin permissions.
- If a user is managed (claimed) by a different Enterprise organization, the 'Provision' option will be unavailable; only the managing organization's admin can reactivate them.
- Deactivated users cannot be removed from the admin panel user list; they can only be filtered out.
- Workspace ownership must be manually transferred before deactivating a sole workspace owner to prevent the workspace from becoming inaccessible.
- Automations with external account triggers must be manually reconfigured before or after deactivation to avoid automation failures.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Builder (Owner/Creator) | Highest-access billable seat. Determined by the highest permission level (Owner or Creator) the user holds on any base or workspace in the enterprise account. | Included in Enterprise Scale contract (custom pricing). On self-serve Business: $45/user/mo (annual) or $54/user/mo (monthly). On Team: $20/user/mo (annual) or $24/user/mo (monthly). |
| Contributor (Editor) | Billable seat for users whose highest permission is Editor across all enterprise bases and workspaces. | Same pricing tier as Builder on Enterprise Scale (custom). On self-serve Business and Team plans, billed at the same per-user rate as Owner/Creator. |
| Viewer / Commenter (non-billable on Business+) | Non-billable on Business and Enterprise Scale plans. Commenter is billable on Team and Non-profit plans. | Free on Business and Enterprise Scale. On Team: Commenter is billable at $20/user/mo (annual). On Non-profit: $12/user/mo. |
| Viewer (Restricted) | Non-billable read-only seat that can only be upgraded by an admin or service account. Cannot self-upgrade. | Non-billable on all plans. |
| Portal Guest Editor | External collaborator seat for Portals add-on. Visible as a distinct seat type in the admin panel Users page. | Portals add-on: starts at $120/mo (Team, 15 seats) or $150/mo (Business, 15 seats). Custom pricing for Enterprise Scale. |
- Where to check usage: Admin panel (https://airtable.com/admin) → Users → filter by Seat type or sort by Seat column to view Builder/Contributor/Viewer counts. Individual user detail sidesheet shows Seat Type, Last Active date, and all associated workspaces, bases, and interfaces.
- How to identify unused seats: In the admin panel Users page, filter by 'Last active' (options: More than 3 months ago, More than 6 months ago, More than 1 year ago) combined with a Seat filter for billable seat types (Builder, Contributor) to identify inactive billable users. The 'Last Activity Time' field reflects the last qualifying action taken in an enterprise-owned base or interface.
- Billing notes: Seat type is determined by the highest permission level a user holds across all enterprise bases and workspaces. A user can be inadvertently upgraded to a Builder seat if any collaborator shares a base with them at Creator or Owner level. Seat type cannot be set via SCIM or SAML; it must be managed manually in the admin panel. On annual plans, adding a billable collaborator charges for the full remaining contract period. Removing a billable collaborator mid-cycle does not reduce the current invoice but prevents billing at next renewal. Business and Enterprise Scale plans require private email domains (public domains like Gmail are ineligible for sales-led plans).
The cost of manual management
Seat costs in Airtable are driven by the highest permission level a user holds across every app in the enterprise account. A user becomes a billable Builder seat the moment any collaborator shares a base with them at Creator or Owner level - there is no built-in prevention mechanism for this.
On annual plans, adding a billable collaborator charges for the full remaining contract period; removing one mid-cycle does not reduce the current invoice. Commenters and Viewers are non-billable on Business and Enterprise Scale, making them a practical choice for stakeholder access.
The Viewer (Restricted) seat type is non-billable on all plans but must be set manually in the admin panel after provisioning - it cannot be assigned via SCIM or SAML. Group SCIM is locked to Enterprise Scale; Business plan accounts get user SCIM only.
Enterprise Scale pricing is not publicly listed and requires a sales conversation.
What IT admins are saying
The most consistent friction reported by Airtable admins centers on three areas. First, inadvertent seat upgrades: any collaborator sharing a base at Creator level will silently promote the recipient to a billable Builder seat, and the community confirms no native guardrail exists to prevent this.
Second, seat type cannot be managed programmatically - it must be adjusted manually in the admin panel regardless of whether SCIM or SAML is in use.
Third, SCIM deactivation via Entra ID has a known reliability issue; only Okta supports programmatic user disable and reactivate via SCIM. Deactivated users also cannot be permanently removed from the admin panel user list - they can only be filtered out.
Common complaints:
- Group SCIM locked to Enterprise Scale tier; Business plan only gets user SCIM.
- Okta-specific features (user disable/reactivate via SCIM) not available on other IdPs such as Entra.
- Enterprise Scale pricing is not publicly listed; requires sales contact.
- Seat type (Builder/Contributor/Viewer Restricted) cannot be set or managed via SCIM or SAML; must be adjusted manually in the admin panel.
- Users can be inadvertently upgraded to a higher (billable) seat type when any collaborator shares a base with Creator permissions; no built-in prevention mechanism exists.
- Deactivated users cannot be permanently removed from the admin panel user list, only filtered out.
- The admin panel 'Roles' page (for scoped admin roles) is restricted to Enterprise Scale; not available on Business plans.
- Workspace ownership must be manually transferred before deactivating a sole owner; no automated ownership reassignment on deactivation.
- Automations and syncs owned by a deactivated user break and require manual reconfiguration by remaining collaborators.
- Admins centrally managing user access report that the lack of a way to restrict who can invite collaborators at the base level leads to uncontrolled seat growth.
The decision
Manual administration in Airtable is viable for teams on Business plan where group SCIM is unavailable and user volumes are moderate. The admin panel supports bulk deactivation (up to 1,000 simultaneous invitations on Enterprise Scale, 50 on Business) and provides last-activity filtering to identify inactive billable seats.
The key operational risks are inadvertent Builder seat upgrades triggered by base sharing, and the requirement to manually transfer workspace ownership before deactivating a sole owner - failing to do so will make the workspace inaccessible.
Automations tied to a departing user's external account connections must also be manually reconfigured before or after deactivation to prevent failures.
Bottom line
Airtable's admin panel covers the core user lifecycle - invite, deactivate, audit - but several gaps require ongoing manual attention. Seat type cannot be set programmatically, inadvertent Builder upgrades have no built-in prevention, and deactivated users persist in the user list indefinitely.
On Business plan, group SCIM is unavailable, making bulk access management more labor-intensive. Teams that need reliable automated deprovisioning, group-level access control, or seat type enforcement at scale will find the manual approach increasingly difficult to sustain as headcount grows.
Automate Airtable workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
