Roles and permissions

The four roles

Every member of your organisation has one role. Roles control what a member can do across audits, tickets, statements and organisation settings.

• Owner
  • Full control of the organisation
  • Edits organisation details, including the name and statement fields
  • Invites members, approves join requests and revokes invitations
  • Changes any member's role and removes any member
  • Deletes audits
• Admin
  • Edits organisation details, including the name and statement fields
  • Invites members, approves join requests and revokes invitations
  • Changes the role of Editors and Read only members, and removes them
  • Cannot change or remove Owners or other Admins
  • Deletes audits
• Editor
  • Creates and updates day-to-day work, such as audits, walkthroughs and tickets
  • Cannot manage organisation settings, members or invitations
  • The default role for new invitations
• Read only
  • Views audits, results, tickets and statements
  • Cannot create or change anything
  • Suited to stakeholders who need visibility without edit access

For day-to-day work like raising issues, see Creating tickets.

Who can assign which roles

• Owners can assign Admin, Editor or Read only to other members.
• Admins can assign Editor or Read only.
• Editors and Read only members cannot manage roles.

The same rules apply when choosing a role for an invitation or an approved join request. See Inviting members.

Owner protections

An organisation can have more than one Owner, but it must always keep at least one. The last remaining Owner cannot be demoted, removed or allowed to leave. To change roles or remove a member, see Managing members.