Roles and permissions

Permissions translate org structure into enforceable rules. When in doubt, mirror how your company already thinks about data classification—customer data vs internal-only vs public marketing.

Default roles

Role	Typical use
Admin	Billing, security, workspace-wide settings
Member	Day-to-day work inside assigned projects

Admin count

Keep the admin group small and named. Too many admins increases accidental misconfiguration; too few blocks urgent fixes.

Custom roles

On supported plans, create roles that map to your internal job functions and restrict exports or automation actions.

Design tips

Name roles after outcomes (“Support – view only”) not job titles alone (“Engineer”), because titles drift faster than access needs.

Testing

Before rolling out a new role, impersonate or test with a sandbox user—verify denied actions fail closed with a clear error.

Auditing

Admins can review a lightweight access log of role changes and exports (retention varies by plan).

Reviews

Schedule quarterly access reviews for high-sensitivity projects. Export logs before reviews if you need to join them to HR systems.

​Default roles

​Admin count

​Custom roles

​Design tips

​Testing

​Auditing

​Reviews