Roles & permissions matrix
Understand default roles, custom permission sets, and governance tips.
Default roles
| Role | Intended audience | Key capabilities |
|---|---|---|
| Owner | Executives, CX leadership | Billing, workspace settings, role management |
| Admin | CX operations | Queue configuration, automations, knowledge, analytics |
| Lead | Team managers | Queue oversight, coaching, SLA adjustments |
| Agent | Frontline reps | Ticket work, macro usage, AI assist |
| Viewer | Finance, product | Read-only access to reports and tickets |
Custom roles
- Navigate to Workspace → Roles.
- Duplicate an existing role or create from scratch.
- Toggle capabilities such as API key management, automation editing, or knowledge publishing.
- Assign roles to users or SCIM groups.
Permission granularity
- Ticket actions can be restricted by queue or brand.
- Analytics dashboards can be shared selectively.
- Automation recipes support edit vs. run-only permissions.
Governance recommendations
- Enforce SSO and MFA for all non-viewer roles.
- Review role assignments quarterly.
- Use SCIM provisioning to keep roles in sync with HR systems.
- Log role changes (visible in the audit log) for compliance.
Least privilege playbook
- Start new teammates as Agents.
- Grant elevated access temporarily via Just-In-Time approvals.
- Monitor audit events for `role.updated` anomalies.
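One way to triage `role.updated` events against the playbook above. This is an added example, not the product's own code. The one-JSON-object-per-line export and the field names (`actor`, `target`, `old`, `new`, `jit_approval`) are assumptions, and the sample events are constructed.

```python
import json

# Privilege order follows the default roles table (Viewer lowest, Owner highest).
RANK = {"Viewer": 0, "Agent": 1, "Lead": 2, "Admin": 3, "Owner": 4}

# Constructed sample export, one JSON object per line. Field names are hypothetical.
SAMPLE = "\n".join([
    '{"event":"role.updated","actor":"scim-sync","target":"ana","old":"Agent","new":"Lead","jit_approval":null}',
    '{"event":"role.updated","actor":"bo","target":"bo","old":"Agent","new":"Admin","jit_approval":null}',
    '{"event":"role.updated","actor":"cy","target":"dee","old":"Lead","new":"Admin","jit_approval":"JIT-EXAMPLE-1"}',
    '{"event":"role.updated","actor":"cy","target":"eli","old":"Admin","new":"Agent","jit_approval":null}',
    '{"event":"ticket.closed","actor":"ana","target":"T-1"}',
    '{"event":"role.updated","actor":"cy","target":"fay","old":"Agent","new":"Billing Auditor","jit_approval":null}',
    'truncated line that is not JSON',
])

def reasons_for(ev):
    """Return the reasons a single role.updated event deserves review."""
    old, new = RANK.get(ev.get("old")), RANK.get(ev.get("new"))
    if old is None or new is None:
        # Custom roles have no default rank, so route them to manual review.
        return ["unranked-role"]
    if new <= old:
        return []  # downgrades and no-op changes are not escalations
    reasons = []
    if ev.get("actor") == ev.get("target"):
        reasons.append("self-escalation")
    if new >= RANK["Admin"] and not ev.get("jit_approval"):
        reasons.append("elevated-without-jit")
    if new - old > 1:
        reasons.append("multi-level-jump")
    return reasons

def scan(text):
    """Return (target, reasons) for every suspicious role.updated line."""
    findings = []
    for line in text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(ev, dict) or ev.get("event") != "role.updated":
            continue
        reasons = reasons_for(ev)
        if reasons:
            findings.append((ev.get("target"), reasons))
    return findings

if __name__ == "__main__":
    for target, reasons in scan(SAMPLE):
        print(target, ", ".join(reasons))
```
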
Roles keep control tight while letting teams move fast.