Role-based access control
The four roles, what each can and can't do.
Every workspace member has one of four roles. Each role is a superset of the one below.
Owner
Everything. Workspace settings, billing, member management, destructive actions (delete workspace, revoke all integrations). Typically: founder, CTO.
Admin
Everything except billing and workspace deletion. Can add/remove members, change integrations, configure autopilot. Typically: head of growth, VP ops.
Operator
Read-write on all dashboards. Can approve autopilot actions, edit dunning templates, pause/resume recovery. Cannot change integrations or invite members. Typically: growth marketer, operations lead.
Viewer
Read-only. Can see dashboards, export reports. Cannot approve actions or change anything. Typically: exec reporting, auditors, contractors.
Changing roles
Settings → Team → [member] → Change role. Owner-level changes require a second Owner to confirm.