Multi-tenant permissions done right: What Slack, Notion, and Linear can teach us
Blog post from WorkOS
A B2B SaaS application typically begins with basic roles like Admin, Member, and Viewer. As enterprise clients demand more tailored roles such as "Billing Manager" or "External Contractor," developers face the challenge of role explosion: an excess of roles is created, often cluttering the system.

To address this, platforms like Slack, Notion, and Linear have developed distinct strategies for handling permissions within multi-tenant environments. Slack uses a combination of system roles, custom roles, and scoped delegation, allowing organizations to assign specific permissions to roles without granting excessive access. Notion employs a layered permissions model with teamspace-level overrides, giving flexibility and control without overwhelming users with complexity. Linear simplifies this by focusing on team-level delegation, keeping global roles minimal and manageable.

These strategies highlight the importance of scoped customization, sensible defaults, and integration with identity providers for managing roles and permissions efficiently. WorkOS, recognizing these patterns, offers solutions that include environment-level defaults and organization-specific roles, while supporting identity provider role assignments to streamline and scale role management.
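The pattern summarized above (environment-level default roles, organization-specific custom roles, and roles assigned from identity provider groups) can be sketched as a small resolver. This is an added example, not code from WorkOS or any of the platforms named; the role slugs, permission strings, group names, and organization ids are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Environment-level default roles, shared by every organization.
# Role slugs and permission strings are constructed for this example.
ENV_ROLES = {
    "admin": {"members:manage", "billing:read", "billing:write", "docs:read", "docs:write"},
    "member": {"docs:read", "docs:write"},
    "viewer": {"docs:read"},
}

@dataclass
class Organization:
    org_id: str
    custom_roles: dict = field(default_factory=dict)   # slug -> permissions, this tenant only
    idp_group_map: dict = field(default_factory=dict)  # IdP group name -> role slug
    default_role: str = "viewer"                       # least-privilege fallback

def role_permissions(org, slug):
    if slug in ENV_ROLES:
        # Defaults win, so a tenant cannot redefine "admin" or "viewer".
        return ENV_ROLES[slug]
    # Unknown slugs, including another tenant's custom role, grant nothing.
    return org.custom_roles.get(slug, frozenset())

def effective_permissions(org, idp_groups, direct_roles=()):
    # Only groups this organization has mapped produce a role.
    slugs = {org.idp_group_map[g] for g in idp_groups if g in org.idp_group_map}
    slugs |= set(direct_roles)
    if not slugs:
        slugs = {org.default_role}
    perms = set()
    for slug in slugs:
        perms |= role_permissions(org, slug)
    return perms

def is_allowed(org, idp_groups, permission, direct_roles=()):
    return permission in effective_permissions(org, idp_groups, direct_roles)

# Constructed tenants using the custom roles named in the text.
ACME = Organization(
    "org_acme",
    custom_roles={"billing-manager": {"billing:read", "billing:write"}},
    idp_group_map={"Finance": "billing-manager", "Engineering": "member"},
)
GLOBEX = Organization(
    "org_globex",
    custom_roles={"external-contractor": {"docs:read"}},
    idp_group_map={"Contractors": "external-contractor"},
)
```

The same IdP group name resolves differently per tenant: "Finance" maps to the billing role in one organization and falls back to the viewer default in the other, and a custom role slug from one organization grants nothing when presented in another.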