Roles and permissions
The built-in Owner, Admin, and Member roles, and custom permission matrices.
4 min read · Updated June 28, 2026
A member's role decides what they can do. Three roles are built in, and on the Business plan you can define your own.
The built-in roles
- Owner, full control of the organization: billing, org settings, roles, retention, and removing members. Bypasses per-document restrictions.
- Admin, runs the org day to day: manages content, invites members and sets their roles, and manages groups. Also bypasses restrictions. An Admin can't change org-wide settings, create roles, or remove members, those stay with the Owner.
- Member, the everyday role: works with shared documents within their permissions, with no access to org settings and no restriction bypass.
Custom roles
A custom role grants permissions across 17 object types, from documents, folders, tags, and contacts to custom fields, saved views, automations, webhooks, e-signatures, members, and org settings, each with view, add, change, or delete. Mix and match to fit exactly what a role should be able to do.
Good to know
Custom roles are part of the Business plan, and only an Owner can create or edit roles and change org-wide settings. See Plans and storage limits.
Tip
Start from whichever built-in role is closest in your head, then reach for a custom role only where you need something narrower or broader.