Workspace privacy and collaboration
Understand how private workspaces isolate content, how artifacts can be used across workspaces, and how collaboration works among workspace members during development.
Private workspace scope and boundaries
Private workspaces provide secure, isolated environments for team-specific development. When you understand workspace boundaries, you can organize work effectively and maintain proper access control.
Artifact visibility during development
During development, only workspace members can view and edit artifacts in a private workspace:
- Workspace members can see and edit all artifacts within their workspace
- Builders outside the workspace cannot see or access these artifacts
- Private workspaces maintain strict isolation to ensure secure and independent development
| Workspace | Members | Visible artifacts in the workspace |
|---|---|---|
| Marketing Team | User A, User B | Marketing Team workspace artifacts only (for example, Marketing agents, tools, knowledge bases). Global artifacts also visible. No artifacts from Sales Team. |
| Sales Team | User A, User C, User D | Sales Team workspace artifacts only (for example, Sales agents, tools, knowledge bases). Global artifacts also visible. No artifacts from Marketing Team. |
| Global | All builders | Only shared, tenant‑level organizational artifacts. No artifacts from Marketing or Sales private workspaces. |
Understanding artifact scope
Artifacts in watsonx Orchestrate are either workspace-scoped or tenant-level. Understanding the difference helps you organize your work effectively.
The following table shows the scope of different artifact types:
| Artifact type | Scope | Visibility during development | Shared across workspaces? |
|---|---|---|---|
| Agents | Workspace | Only workspace members | No |
| Tools | Workspace | Only workspace members | No |
| Knowledge bases | Workspace | Only workspace members | No |
| Models | Tenant | All workspace members with Builder role | Yes |
| Connections | Tenant | All workspace members with Builder role | Yes |
| Voice | Tenant | All workspace members with Builder role | Yes |
| Channels | Tenant | All workspace members with Builder role | Yes |
Workspace-scoped artifacts:
- Artifacts created in a private workspace cannot be shared across workspaces during the development phase.
- Artifacts in the global workspace are visible to all users in your tenant, depending on their assigned user roles and permissions.
- Workspace-scoped artifacts are visible and accessible only to workspace members during development.
- Workspace-scoped artifacts are isolated from other workspaces to maintain privacy and separation.
- Workspace-scoped artifacts can be copied between workspaces by workspace members with Owner role.
Tenant-level artifacts:
- Tenant-level artifacts are shared across all workspaces in your organization.
- All workspace members can reference these artifacts in their projects.
- Access to tenant-level artifacts is based on service instance permissions assigned through IBM Cloud IAM.
Cross-workspace artifact usage rules
When you understand how to use artifacts across workspaces, you can plan dependencies and maintain security:
Private to private
You cannot use artifacts from one private workspace in agents or tools in another private workspace.
- An agent in the "Marketing Team" workspace cannot use a tool from the "Sales Team" workspace
- This ensures complete isolation between team workspaces
Global to private
You can reuse Global workspace artifacts within private workspaces.
- A private workspace agent can use tools from the Global workspace
- This allows teams to build on shared organizational resources
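The visibility and cross-workspace rules above can be expressed as a small policy model for auditing an artifact inventory. This is an added example, not watsonx Orchestrate code or its API: the `Artifact` class, the function names and the sample inventory are hypothetical, role checks (Builder, IAM) are not modelled, and a Global artifact using a private one is treated as denied by assumption.

```python
from dataclasses import dataclass

GLOBAL = "Global"
# Tenant-level artifact types, per the scope table on this page.
TENANT_TYPES = {"model", "connection", "voice", "channel"}

# Constructed membership, mirroring the example workspace table.
MEMBERS = {
    "Marketing Team": {"User A", "User B"},
    "Sales Team": {"User A", "User C", "User D"},
}

@dataclass(frozen=True)
class Artifact:
    name: str
    kind: str        # "agent", "tool", "knowledge_base", or a tenant-level type
    workspace: str   # owning workspace; not consulted for tenant-level kinds

def can_view(user: str, art: Artifact) -> bool:
    """Development-time visibility (role and IAM checks omitted)."""
    if art.kind in TENANT_TYPES or art.workspace == GLOBAL:
        return True
    return user in MEMBERS.get(art.workspace, set())

def reference_allowed(source: Artifact, target: Artifact) -> bool:
    """May `source` (an agent or tool) use `target`?"""
    if target.kind in TENANT_TYPES:
        return True   # tenant-level artifacts are referenceable everywhere
    if target.workspace == source.workspace:
        return True   # same workspace
    # Global to private is allowed; private to private is not.
    # Assumption: Global using a private artifact is also denied, since the
    # page only says private artifacts are not visible in Global.
    return target.workspace == GLOBAL

def audit(references):
    """Return (source, target) name pairs that break workspace isolation."""
    return [(s.name, t.name) for s, t in references if not reference_allowed(s, t)]

# Constructed inventory for the demonstration.
mkt_agent = Artifact("campaign-agent", "agent", "Marketing Team")
sales_tool = Artifact("crm-lookup", "tool", "Sales Team")
global_tool = Artifact("translate", "tool", GLOBAL)
shared_model = Artifact("tenant-llm", "model", GLOBAL)
REFS = [(mkt_agent, sales_tool), (mkt_agent, global_tool), (mkt_agent, shared_model)]

if __name__ == "__main__":
    print(audit(REFS))
```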
Member capabilities within a private workspace
Workspace members have different capabilities based on the role you assign them:
All members can:
- Create, edit, and manage artifacts within the workspace
- Build and contribute to workspace artifacts
- Create agents, tools, and knowledge bases
- Collaborate with other members on workspace content
- View and use all workspace artifacts during development
- Test and deploy agents from the workspace
Owner-specific capabilities:
- Manage roles and workspace access
- Add or remove workspace members
- Delete the workspace
- Copy artifacts into the workspace from other workspaces