Overview
This lesson is part of the n8n AI Automation - Zero to Hero course, Section: 8. Enterprise Features & Conclusion.
Watch the video above for the full tutorial, or read the written guide below.
What is n8n's role-based access and workflow sharing system?
n8n's role-based access system assigns three roles to control who can do what in a shared workspace. The owner holds full access and is limited to one per instance. Admins can manage users, workflows, and credentials but cannot modify the owner role. Members manage only their own workflows. Workflows are private by default and must be explicitly shared, granting collaborators an editor role on that specific workflow.
How to share workflows, credentials, and control n8n via API
Adding users and sharing workflows
User management lives under Settings > Users. Click Invite, enter the recipient's email address, and they receive an invitation link. Once they accept, their account appears in the Users panel. To share a workflow, open it and click the Share button at the top of the canvas. Select users who have joined your instance, confirm they appear with an editor role, and click Save. To remove access, return to Share, click the delete icon next to the user, and save again. Admin roles require the Pro plan; on the Starter plan, additional invited users default to the member role.
Sharing credentials without exposing secrets
Credential sharing lets team members use API keys and OAuth tokens in workflows without ever seeing the underlying values. Navigate to your personal space, click the Credentials tab, open a credential such as an ElevenLabs API key, and click Sharing. Select a project to grant everyone in that project access, or pick individual users, then click Save. To revoke access, click the delete icon next to the user and save. Only the owner and admins can revoke credential access from other users.
Controlling n8n programmatically via the API
The n8n API is accessible under Settings > n8n API. Click Create an API key, provide a name, and set an expiration (7, 30, 60, or 90 days; no expiration is not recommended). Review the available scopes: users, workflows (create, read, update, delete, activate, deactivate), executions, credentials, tags, and variables. To call the API from an HTTP Request node, set the method to GET and form the URL as <your-instance-url>/api/v1/users. Add a Header Auth credential named x-n8n-api-key with the API key as its value, plus an Accept: application/json header. For in-workflow control, use the dedicated n8n node under the same credential; it wraps the same endpoints in a UI-driven interface and eliminates manual URL construction.
Key Takeaways
- The owner role is capped at one per instance with full access. Admins can manage users, workflows, and credentials but cannot modify the owner. Members control only their own workflows with no global instance access.
- Workflows are private by default. Sharing requires opening the workflow, clicking Share, selecting invited users who receive an editor role, and clicking Save. Access is revoked the same way using the delete icon.
- Credential sharing lets collaborators use API keys such as ElevenLabs or Google Sheets tokens inside workflows without being able to view or extract the actual key values. Only the owner and admin accounts can revoke this access.
- The n8n API enables programmatic workflow activation and deactivation, making it practical to build a meta-workflow that turns other workflows on at 8 a.m. and off at 6 p.m., preventing wasted execution credits outside business hours.
- The
x-n8n-api-keyheader authenticates external code calling the n8n REST API. For in-workflow orchestration, the dedicated n8n node exposes the same actions without requiring manual URL construction.
Related Lessons
- Lesson 42: How to Scale n8n Workflows with Enterprise Security & Version Control | Course Conclusion
Next Steps
Continue your n8n journey with the full n8n AI Automation - Zero to Hero course.