Documentation Organization Roles
Organization Level Roles & Permissions
If you wish to use the app as a multi-tenant app, the Organizations owners can create roles & permissions for their organization.
Default Roles & Permissions
The roles & Permissions work similar to the global roles & permissions, but are scoped to the organization separately.
Every time an organization is created, the following roles & permissions are created:
| Role | Permissions |
|---|---|
| Owner | All permissions |
| Admin | All permissions |
| Member | organization:read, members:read, roles:read, projects:read, analytics:read |
| Viewer | organization:read, members:read, projects:read |
Available Permissions
These permissions are seeded by default but can be modified in the server/services/organizationService.ts file.
Every permission is scoped to the organization. The owner and admins have all permissions and can independantly create new roles.
Creating new permissions is done only from the code as they need to be assigned to specific actions.
| Permission | Description |
|---|---|
organization:read | View organization details |
organization:update | Update organization settings |
organization:delete | Delete organization |
members:read | View organization members |
members:invite | Invite new members |
members:remove | Remove members from organization |
members:update | Update member roles and status |
roles:read | View organization roles |
roles:create | Create new roles |
roles:update | Update existing roles |
roles:delete | Delete roles |
permissions:read | View organization permissions |
permissions:create | Create new permissions |
permissions:update | Update existing permissions |
permissions:delete | Delete permissions |
invitations:read | View organization invitations |
invitations:create | Create new invitations |
invitations:cancel | Cancel pending invitations |
analytics:read | View organization analytics |