Roles & Permissions
IntelliRepo uses role-based access control (RBAC) to manage permissions. This guide explains each role and what it can do.
Role Hierarchy
Roles are hierarchical - higher roles have all the permissions of lower roles:
Owner > Admin > Member > ViewerRole Descriptions
Owner
The person who created the organization. Each organization has exactly one Owner.
Special abilities:
- Transfer ownership to another user
- Cannot be removed by anyone else
- All Admin permissions
Admin
Organization administrators who manage users and settings.
Can:
- Invite and remove Viewers and Members
- Change user roles (except Owner)
- Create and manage API keys
- Access organization settings
- View audit logs and usage
Member
Regular team members who work with content.
Can:
- Create, edit, and delete collections
- Upload and manage documents
- Tag documents
- Use chat and search
- Access public collections
Viewer
Read-only users who can consume but not modify content.
Can:
- View collections and documents
- Use chat to ask questions
- Download documents
Cannot:
- Upload or delete anything
- Create collections
- Change settings
Permission Matrix
Content Management
| Action | Viewer | Member | Admin | Owner |
|---|---|---|---|---|
| View collections | Yes | Yes | Yes | Yes |
| Create collections | No | Yes | Yes | Yes |
| Edit collections | No | Yes | Yes | Yes |
| Delete collections | No | Yes | Yes | Yes |
| Upload documents | No | Yes | Yes | Yes |
| Edit documents/tags | No | Yes | Yes | Yes |
| Delete documents | No | Yes | Yes | Yes |
| Download/preview | Yes | Yes | Yes | Yes |
Chat and Search
| Action | Viewer | Member | Admin | Owner |
|---|---|---|---|---|
| Use chat | Yes | Yes | Yes | Yes |
| Use search | Yes | Yes | Yes | Yes |
| View sources | Yes | Yes | Yes | Yes |
Organization Settings
| Action | Viewer | Member | Admin | Owner |
|---|---|---|---|---|
| Access settings | No | No | Yes | Yes |
| View team | No | No | Yes | Yes |
| Invite users | No | No | Yes | Yes |
| Remove members/viewers | No | No | Yes | Yes |
| Remove admins | No | No | No | Yes |
| Change roles | No | No | Yes | Yes |
| Transfer ownership | No | No | No | Yes |
API Keys
| Action | Viewer | Member | Admin | Owner |
|---|---|---|---|---|
| View API keys | No | No | Yes | Yes |
| Create API keys | No | No | Yes | Yes |
| Revoke API keys | No | No | Yes | Yes |
Usage & Logs
| Action | Viewer | Member | Admin | Owner |
|---|---|---|---|---|
| View usage stats | No | No | Yes | Yes |
| View audit logs | No | No | Yes | Yes |
Changing User Roles
Who Can Change Roles
| Target Role | Who Can Change |
|---|---|
| To/From Viewer | Admin, Owner |
| To/From Member | Admin, Owner |
| To/From Admin | Owner only |
| Owner | Current Owner only (transfer) |
How to Change a Role
- Go to Settings > Team
- Find the user
- Click the role dropdown
- Select the new role
- Changes apply immediately
Transferring Ownership
The Owner can transfer ownership to another user:
- Go to Settings > Team
- Find the user to receive ownership
- Click Transfer Ownership
- Confirm the action
After transfer:
- The new person becomes Owner
- You become an Admin
- This cannot be undone without the new Owner's consent
Collection-Level Permissions
In addition to organization roles, private collections have their own access control.
Collection Roles
For private collections only:
| Role | View/Chat | Upload/Edit | Delete | Manage Members |
|---|---|---|---|---|
| Viewer | Yes | No | No | No |
| Editor | Yes | Yes | Yes | No |
| Owner | Yes | Yes | Yes | Yes |
Important Notes
- Organization Admins and Owners can access all collections
- Collection roles only apply to private collections
- Public collections follow organization roles
See Creating Collections for more on visibility settings.
Best Practices
Principle of Least Privilege
Give users the minimum role needed for their work. You can always grant more access later.
Role Assignment Guidelines
| User Type | Recommended Role |
|---|---|
| Executives / stakeholders | Viewer |
| Regular employees | Member |
| Team leads / managers | Member or Admin |
| IT administrators | Admin |
| Platform owner | Owner |
Regular Review
- Audit user roles quarterly
- Remove users who have left
- Downgrade roles no longer needed
- Check for role creep (accumulating permissions over time)
FAQ
Can I have multiple Owners?
No, each organization has exactly one Owner. For shared responsibility, use Admin roles.
Can an Admin remove the Owner?
No, only the Owner can transfer or remove their own ownership.
What happens when an Admin leaves?
Another Admin or the Owner can remove them. Their content remains.
Can Viewers create anything?
No, Viewers are strictly read-only. They can view content and ask questions but cannot create or modify anything.
Related Articles
Need Help?
Contact our support team if you have questions about permissions.