Managing roles and permissions
At a glance
Roles and permissions let you precisely control what each member of your workspace can see and do. Combine the 4 system roles (Owner, Administrator, Editor, Viewer) with custom roles to tailor access to your organization.
Practical example: in a consulting firm, junior consultants have an "Analyst" role with read access to dashboards and the knowledge base, while managers have a "Manager" role with full access to workflows and the ontology.
Before you begin
- You must have the Owner or Administrator role to manage roles and permissions.
- Members must already be invited to the workspace (see workspace settings).
Key vocabulary
| Term | Meaning | Example |
|---|---|---|
| System role | One of the 4 base roles assigned to each member. | Owner, Administrator, Editor, Viewer |
| Custom role | A role you create with specific permissions. | "Analyst", "Project manager", "Auditor" |
| Permission | An access right to a module and an action. | ontology.view, workflow.execute |
| Permissions matrix | A modules x actions grid that defines a role's rights. | See the matrix below |
Steps
Access permission management
- Open Settings from the sidebar.
- Select the Permissions tab.
Understanding system roles
Each workspace member has a system role. These roles cannot be deleted, but their permissions are transparent:
| Role | Description | Rights |
|---|---|---|
| Owner | Full access, all permissions. | Everything, including advanced settings management. |
| Administrator | Full management except advanced settings. | Everything except settings.admin. |
| Editor | Content creation and modification. | View + edit + execute (workflows, agent). |
| Viewer | Read-only access. | View only across all modules. |
Create a custom role
Custom roles are added on top of the system role to refine access:
- In the Roles tab, click Create a role.
- Fill in the form:
| Field | Description | Example |
|---|---|---|
| Identifier | Unique role code (lowercase, no spaces). | analyst |
| Name | Label displayed in the interface. | Data analyst |
| Description | Explanation of the role's scope. | "Read access to dashboards and the knowledge base" |
| Color | Badge color in the members list. | Blue |
- Click Save.
Configure a role's permissions
- In the Roles tab, click on the role to configure.
- The permissions matrix appears on the right.
- Check the boxes to enable the desired permissions.
Permissions matrix
The matrix presents 12 modules as rows and possible actions as columns:
| Module | View | Edit | Execute | Administer | Approve |
|---|---|---|---|---|---|
| Ontologie | view | edit | — | admin | — |
| Workflows | view | edit | execute | admin | — |
| AI Agent | view | edit | execute | admin | — |
| Knowledge base | view | edit | — | admin | — |
| Dashboards | view | edit | — | admin | — |
| Live Data | view | edit | — | admin | — |
| Spreadsheets | view | edit | — | admin | — |
| Calendar | view | edit | — | admin | — |
| Governance | view | edit | — | admin | approve |
| Settings | view | edit | — | admin | — |
| Pipelines | view | edit | execute | admin | — |
System roles cannot be modified. To customize access, create a custom role and assign it to the relevant members.
Assign a custom role to a member
- In the Members tab, click on the relevant member.
- In the Custom roles section, click Assign a role.
- Select the role from the list.
- The member now combines the permissions from their system role and custom role.
Delete a custom role
- In the Roles tab, select the custom role.
- Click Delete (trash icon).
- Confirm the deletion.
Deleting a role automatically removes the associated permissions from all members who had it. System roles (Owner, Administrator, Editor, Viewer) cannot be deleted.
Expected result
Your members have permissions tailored to their function. The modules visible in the sidebar and available actions adjust automatically based on assigned roles. A member without the ontology.view permission will not see the Ontologie module in their menu.
Limitations and common errors
| Situation | Solution |
|---|---|
| "Access denied" when creating a role | Verify that your system role is Owner or Administrator. |
| A member still sees a module after permission removal | Ask the member to refresh the page to apply the changes. |
| Cannot delete a system role | The 4 system roles are protected. Create custom roles to adjust access. |
| A member has lost access to everything | Check their system role and custom roles in the Members tab. |
Need help?
Contact us: Support and contact.