Users & access management
Users
When a user accepts an invitation, they become a Member of the organization. From that point on, they can interact with the organization’s resources according to their assigned role.
A user's role can be changed at any time. Similarly, a user can be removed (kicked) from the organization at any time.
Roles
Every user in an organization is assigned a role. We offer four roles, listed below in order of descending privilege:
| Name | Description |
|---|---|
| Onwer | Highest level of access. Full Administrative rights, including billing and ownership transfer. |
| Admin | Administrative role with broad permissions to manage users and content. |
| Member | Content-focused role with permissions to create and manage widgets, secrets, etc. |
| Guest | Read-only role for limited access. |
You can assign any combination of roles within your organization — for example, everyone can be a Guest or an Admin. Role assignment is not restricted by your plan.
The Owner Role
The Owner role is special and deserves particular attention:
- There can be only one Owner per organization.
- The Owner cannot change their own role, cannot leave the organization, and cannot be removed.
- Ownership can be transferred to any other Member of the organization at any time.
WARNING
Transfer ownership with caution. Make sure you trust the person you're assigning it to. This action cannot be undone unless the new Owner transfers ownership back to you.
Permissions
Each role comes with a specific set of permissions. The table below outlines all supported actions along with the minimum required role needed to perform each.
| Name | Description | Minimal role |
|---|---|---|
| Organizations:View | View organization details | Guest |
| Organizations:Edit | Edit organization settings | Admin |
| Organizations:InviteUser | Invite users to the organization | Admin |
| Organizations:RevokeInvitation | Revoke user invitations | Admin |
| Organizations:ViewInvitations | View sent invitations | Guest |
| Organizations:KickUser | Remove a user from the organization | Admin |
| Organizations:ViewMembers | View organization Members | Guest |
| Organizations:ChangeUserRole | Change roles of other Members | Admin |
| Organizations:TransferOwnership | Transfer organization ownership | Owner |
| Organizations:ViewSubscription | View subscription and billing status | Guest |
| Organizations:ViewSubscriptionPayments | View subscription payments | Owner |
| Organizations:ManageSubscription | Manage billing and subscription | Owner |
| Organizations:CreateAccessToken | Create Public API access tokens | Member |
| Organizations:DeleteAccessToken | Delete Public API access tokens | Member |
| Organizations:ViewAccessTokens | View Public API access tokens | Guest |
| Files:View | View files | Guest |
| Files:Create | Create files | Member |
| Files:Delete | Delete files | Member |
| WidgetSecrets:View | View widget secrets | Guest |
| WidgetSecrets:Create | Create widget secrets | Member |
| WidgetSecrets:Delete | Delete widget secrets | Member |
| Widgets:View | View widgets | Guest |
| Widgets:ViewStats | View widget statistics | Guest |
| Widgets:Create | Create new widgets | Member |
| Widgets:Edit | Edit existing widgets | Member |
| Widgets:Publish | Publish widgets | Member |
| Widgets:Archive | Archive widgets | Member |
| Widgets:Unarchive | Unarchive widgets | Member |
| Widgets:Delete | Delete widgets | Admin |
| WidgetFlowEvents:Read | Read flow events | Guest |
| WidgetFlowCollectedRecords:Read | Read collected records | Guest |