Fireflies.ai Enterprise RBAC

Overview

Manage workspace access control in Fireflies.ai using roles, channels, privacy levels, and the sharing API. Fireflies uses per-seat licensing with workspace roles and channel-based transcript organization.

Prerequisites

• Fireflies Business or Enterprise plan
• Workspace admin privileges (or API key from admin account)
• Understanding of your team structure

Workspace Roles

Instructions

Step 1: List Workspace Members

set -euo pipefail
curl -s -X POST https://api.fireflies.ai/graphql \
  -H "Authorization: Bearer $FIREFLIES_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"query": "{ users { name email user_id is_admin num_transcripts } }"}' \
  | jq '.data.users[] | {name, email, admin: .is_admin, transcripts: .num_transcripts}'

Step 2: Set User Roles via API

// Promote or change a user's role
async function setUserRole(userId: string, role: string) {
  return firefliesQuery(`
    mutation($userId: String!, $role: String!) {
      setUserRole(user_id: $userId, role: $role)
    }
  `, { userId, role });
}

// Usage: setUserRole("user-id-123", "admin")

Step 3: Organize Transcripts with Channels

// List all channels
const channels = await firefliesQuery(`{
  channels {
    id
    title
    is_private
    created_by
    members { user_id email name }
  }
}`);

// Move transcripts to a channel
async function assignToChannel(transcriptIds: string[], channelId: string) {
  return firefliesQuery(`
    mutation($ids: [String!]!, $channelId: String!) {
      updateMeetingChannel(transcript_ids: $ids, channel_id: $channelId)
    }
  `, { ids: transcriptIds, channelId });
}

Organize by department:

• Sales channel: All client/prospect calls
• Engineering channel: Sprint reviews, architecture discussions
• Leadership channel (private): Board meetings, strategy sessions

Step 4: Control Transcript Privacy

// Privacy levels (most restrictive to least)
type PrivacyLevel =
  | "owner"                    // Only meeting organizer
  | "participants"             // Only meeting participants
  | "teammatesandparticipants" // Workspace members + participants
  | "teammates"               // All workspace members
  | "link";                    // Anyone with the link

async function setTranscriptPrivacy(transcriptId: string, privacy: PrivacyLevel) {
  return firefliesQuery(`
    mutation($id: String!, $privacy: String!) {
      updateMeetingPrivacy(transcript_id: $id, privacy_level: $privacy)
    }
  `, { id: transcriptId, privacy });
}

// Default new transcripts to participants-only
await setTranscriptPrivacy("transcript-id", "participants");

Step 5: Share Meetings with External Users

// Share a transcript with up to 100 email recipients
async function shareMeeting(transcriptId: string, emails: string[], expiryDays = 30) {
  return firefliesQuery(`
    mutation($id: String!, $emails: [String!]!, $expiry: Int) {
      shareMeeting(transcript_id: $id, emails: $emails, expiry_days: $expiry)
    }
  `, { id: transcriptId, emails, expiry: expiryDays });
}

// Revoke access
async function revokeAccess(transcriptId: string, email: string) {
  return firefliesQuery(`
    mutation($id: String!, $email: String!) {
      revokeSharedMeetingAccess(transcript_id: $id, email: $email)
    }
  `, { id: transcriptId, email });
}

// Rate limit: 10 share operations per hour, up to 50 emails each

Step 6: User Groups for Bulk Access

// List user groups
const groups = await firefliesQuery(`
  query($mine: Boolean) {
    user_groups(mine: $mine) {
      id name
      members { user_id email name }
      created_at
    }
  }
`, { mine: false });

// Use groups to manage channel membership in bulk

Step 7: Audit Transcript Access

async function auditTranscriptAccess(transcriptId: string) {
  const { transcript } = await firefliesQuery(`
    query($id: String!) {
      transcript(id: $id) {
        id title
        privacy
        organizer_email
        shared_with
        channels { id }
        workspace_users
      }
    }
  `, { id: transcriptId });

  console.log(`Transcript: ${transcript.title}`);
  console.log(`Privacy: ${transcript.privacy}`);
  console.log(`Owner: ${transcript.organizer_email}`);
  console.log(`Shared with: ${transcript.shared_with?.join(", ") || "none"}`);
  console.log(`Channels: ${transcript.channels?.map((c: any) => c.id).join(", ") || "none"}`);
  console.log(`Workspace users: ${transcript.workspace_users?.join(", ") || "none"}`);

  return transcript;
}

Recommended Enterprise Configuration

privacy_defaults:
  internal_meetings: "teammatesandparticipants"
  external_meetings: "participants"
  leadership_meetings: "owner"

channel_structure:
  - name: "Sales"
    private: false
    auto_assign: "meetings with external participants"
  - name: "Engineering"
    private: false
    auto_assign: "meetings with 'sprint' or 'standup' in title"
  - name: "Leadership"
    private: true
    members: "C-suite + VPs only"

sharing_policy:
  max_expiry_days: 30
  require_approval: true  # For external sharing

Error Handling

Output

• Workspace members audited with roles and utilization
• Channels created for department-based transcript organization
• Privacy levels configured per meeting type
• Sharing controls with expiry and revocation

Resources

• Fireflies API Docs
• User Query

Next Steps

For migration strategies, see fireflies-migration-deep-dive.