Custom roles

Create a custom role

1. 1

   Open Roles

   Settings → Roles. Built-in roles are listed first, custom roles below. Click + Create role.
2. 2

   Name and describe

   Give the role a clear name (e.g., Workflow Editor, Policy Reviewer) and a one-line description so future admins understand the intent.
3. 3

   Pick permissions

   Tick the permissions this role should grant. Permissions are grouped by resource so you can scan them quickly.
4. 4

   Save

   The role appears in the role dropdown anywhere users are assigned. Existing users keep their current role until you change it.

Permission catalog

Assign and manage

1. 1

   Assign a role to a user

   Go to Users & roles, open the role dropdown for the user, and pick your custom role. Effective immediately.
2. 2

   Edit a role

   Roles → click the role. Toggle permissions and save. Every user with this role inherits the change on their next request.
3. 3

   Delete a role

   Open the role menu and click Delete. Users currently assigned this role are reassigned to Viewer automatically.

Frequently asked questions

Can custom roles grant more than Admin?

No. Owner is the only super-role. Custom roles can grant any combination of the listed permissions but cannot grant ownership transfer or workspace deletion.

Are there limits on how many custom roles I can create?

Pro and Enterprise have no hard cap. Most teams settle on three to five custom roles in practice — keep the list small for clarity.

Do permission changes apply retroactively to running agents?

They apply to the next action a user performs. In-flight executions started before the change continue with the permissions that were valid at launch.

Can I scope a role to a single agent or workflow?

Not at the role level. Use policies for resource-level scoping. Roles grant capability; policies constrain which resources that capability applies to.

Related