Roles & Permissions
Every member of an organisation has one role. Roles are ranked, and most permissions are "this rank or above". Roles are set on the Team & Roles page (/team) — per-member dropdown, or at invite time — by a manager (MANAGER+ or the team owner).
The seven roles
Ranked from least to most privileged:
| Rank | Role | Can do |
|---|---|---|
| 0 | VIEWER | Read-only. See assigned work; no creation, no changes. |
| 1 | PUBLISHER | Everything a VIEWER can, plus publish at Publish stages. |
| 1 | REVIEWER | Everything a VIEWER can, plus approve / reject at workflow approval gates. |
| 2 | CREATOR | Update progress on own requests and run AI generation. |
| 3 | MANAGER | Create and assign requests, manage sprints and workflows, see all org requests. |
| 4 | ADMIN | Manager capabilities plus organisation administration. |
| 5 | OWNER | Full control. The team creator is OWNER. |
They're siblings — each adds one specific capability (publishing vs. approving) on top of read access, rather than ranking above the other.
What "manager" means
Several capabilities are gated on being a manager, which is defined as: role MANAGER or above, or being the team owner. Managers can:
- create, edit and assign Requests,
- create and manage Sprints and assign requests to them,
- build, publish and install Workflows and Marketplace packs,
- change other members' roles.
Visibility: who sees which requests
This is the most important day-to-day rule:
- Managers see all requests in the organisation.
- Everyone below manager sees only the requests assigned to them.
This is enforced consistently across listing, viewing, standups, generation and reporting — there's no way for a non-manager to see work that isn't theirs. The scoping is all-or-nothing (assigned vs. everything); there's no finer per-project visibility tier.
Capability summary
| Action | Minimum role |
|---|---|
| View assigned requests | VIEWER |
| Publish at a Publish stage | PUBLISHER |
| Approve / reject at an approval gate | REVIEWER |
| Run AI generation (spend credits) | CREATOR |
| Create & assign requests | MANAGER |
| Manage sprints & workflows | MANAGER |
| Install / publish Marketplace workflows | MANAGER |
| Change member roles | MANAGER |
| See all org requests | MANAGER |
| Administer the organisation | ADMIN |
Giving someone the CREATOR role lets them run AI generation; it doesn't give them anything to do. To hand someone actual work, set them as the Assignee on a Request.
Note on AI generation and the Gate
Even a CREATOR (or higher) can only run AI generation if they also pass the Gate — verified email and a positive wallet balance. Role grants permission; the Gate enforces eligibility to spend. See Credits & Billing.