Roles & Permissions Guide
Control who can do what in your organization.
Organization Level
| Action | Owner | Admin | Editor | Member |
|---|
| Manage billing | ✓ | ✗ | ✗ | ✗ |
| Delete organization | ✓ | ✗ | ✗ | ✗ |
| Manage members | ✓ | ✓ | ✗ | ✗ |
| View members | ✓ | ✓ | ✓ | ✓ |
| Access settings | ✓ | ✓ | ✗ | ✗ |
| Manage API keys | ✓ | ✓ | ✗ | ✗ |
Assistants
| Action | Owner | Admin | Editor | Member |
|---|
| Create | ✓ | ✓ | ✓ | ✗ |
| Edit own | ✓ | ✓ | ✓ | ✗ |
| Edit others | ✓ | ✓ | ✗ | ✗ |
| Delete own | ✓ | ✓ | ✓ | ✗ |
| Delete others | ✓ | ✓ | ✗ | ✗ |
| Use | ✓ | ✓ | ✓ | ✓ |
Public Spaces
| Action | Owner | Admin | Editor | Member |
|---|
| Create | ✓ | ✓ | ✓ | ✗ |
| Edit settings | ✓ | ✓ | ✓* | ✗ |
| Manage members | ✓ | ✓ | ✓* | ✗ |
| Upload documents | ✓ | ✓ | ✓ | ✗ |
| Create chats | ✓ | ✓ | ✓ | ✓ |
| View content | ✓ | ✓ | ✓ | ✓ |
*Editors can only edit spaces they created
Private Spaces
| Action | Owner | Admin | Editor | Member |
|---|
| Create | ✓ | ✓ | ✓ | ✗ |
| View | Invited only |
| Edit | Space admins only |
Chats
| Action | Owner | Admin | Editor | Member |
|---|
| Create | ✓ | ✓ | ✓ | ✓ |
| View own | ✓ | ✓ | ✓ | ✓ |
| View shared | ✓ | ✓ | ✓ | ✓ |
| Share | ✓ | ✓ | ✓ | ✓ |
| Delete own | ✓ | ✓ | ✓ | ✓ |
When to Use Owner
- Founders/executives
- IT administrators
- Primary account managers
- Only 1-2 per organization
When to Use Admin
- Team leads
- IT support staff
- HR managing onboarding
- Anyone needing member management
When to Use Editor
- Power users creating content
- Developers building assistants
- Content creators
- Active contributors
When to Use Member
- Most team members
- New employees
- External collaborators
- View/use only needs
Role Change Best Practices
Promotions
- Start everyone as Member
- Promote to Editor when they need to create
- Promote to Admin only when needed
Offboarding
- Remove members promptly when they leave
- Consider downgrading before removing
- Audit what they had access to
Regular Reviews
- Monthly access reviews
- Check for over-privileged accounts
- Remove unused accounts
Least Privilege Principle
Give the minimum access needed for the job.
Sensitive Data
- Use private spaces for confidential info
- Limit Admin count
- Audit API key creation
External Collaborators
- Use Member role for contractors
- Limit to specific spaces
- Set end dates if possible