Teams & permissions

Roles and permissions

The built-in Owner, Admin, and Member roles, and custom permission matrices.

4 min read · Updated June 28, 2026


A member's role decides what they can do. Three roles are built in, and on the Business plan you can define your own.

The built-in roles

  • Owner, full control of the organization: billing, org settings, roles, retention, and removing members. Bypasses per-document restrictions.
  • Admin, runs the org day to day: manages content, invites members and sets their roles, and manages groups. Also bypasses restrictions. An Admin can't change org-wide settings, create roles, or remove members, those stay with the Owner.
  • Member, the everyday role: works with shared documents within their permissions, with no access to org settings and no restriction bypass.

Custom roles

A custom role grants permissions across 17 object types, from documents, folders, tags, and contacts to custom fields, saved views, automations, webhooks, e-signatures, members, and org settings, each with view, add, change, or delete. Mix and match to fit exactly what a role should be able to do.

Good to know

Custom roles are part of the Business plan, and only an Owner can create or edit roles and change org-wide settings. See Plans and storage limits.

Tip

Start from whichever built-in role is closest in your head, then reach for a custom role only where you need something narrower or broader.

Was this article helpful?

Ready to try it?

Open your vault and put this into practice.

Open app