There are two types of roles that define a user’s level of access.

  • Organization Role: The set of permissions this user has within the Organization’s settings and applications
  • Application Role: The set of permissions this user has to a specific application

Organization roles

When you invite a user to an organization you have to assign an Organization Role to that user.

Once the user accepts that invitation, the user becomes a member of the organization. Organization Roles include:

  • Admin
    • can change organization settings
    • can invite other users into the organization and revoke memberships
    • can access all applications within that organization and give members access to specific applications
  • Member
    • can view the applications they’ve been given access to by an Admin, but no other applications.
    • can view the members and roles within the organization, but may not edit membership
    • can view the authentication settings, but may not edit authentication
  • Billing Manager
    • can access the billing section for that organization
    • can update payment information
    • can request plan changes
    • can see MAUTHs numbers
    • can access past invoices

The Billing Manager role is special: a new member must first be assigned as an Admin or Member and must accept the invitation before the Billing Manager role can be added to their profile within your organization. As such, Billing Manager cannot be selected when inviting a user. Instead, it is set up after they accept the invitation by navigating to their profile page and updating their role within the organization.

Application roles

A user who is an Admin within an organization is automatically an Admin of every application within the organization.

For users with the Organization Role of Member, each application they are added to can be assigned one of the following roles (Developer is the default role):

  • Admin
    • can view and change all application settings
    • can see who has application access
    • cannot grant access to the application to new team members (only the Organization Admin can do this)
  • Developer
    • can view and change most application settings
    • cannot see who has application access
  • Observer
    • can view most application settings, but not edit
    • cannot modify any application settings
    • cannot see who has application access
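
For an access review, the Organization Role and Application Role rules above can be resolved into one effective role per user and application. The sketch below is an added example, not the product's code or export format: the `Membership` record, its field names, the sample users and apps, the Billing Manager flag, and the treatment of pending invitees as having no access are all assumptions.

```python
from dataclasses import dataclass, field

APP_ROLES = ("Admin", "Developer", "Observer")
INVITE_ROLES = ("Admin", "Member")  # Billing Manager cannot be chosen at invite time

@dataclass
class Membership:  # hypothetical record, not a product export format
    user: str
    org_role: str
    accepted: bool = False          # has the invitation been accepted?
    billing_manager: bool = False   # assumed to be an add-on flag on the profile
    app_roles: dict = field(default_factory=dict)  # app -> role, None = default

def effective_app_role(m, app):
    """Resolve the application role a membership yields for one application."""
    if not m.accepted:
        return None  # assumption: a pending invitee has no access yet
    if m.org_role == "Admin":
        return "Admin"  # Organization Admins are Admin of every application
    if app not in m.app_roles:
        return None  # Members only reach applications an Admin added them to
    return m.app_roles[app] or "Developer"  # Developer is the default role

def validate(m):
    """Return the rule violations found in one record."""
    problems = []
    if m.org_role not in INVITE_ROLES:
        problems.append(f"{m.user}: invalid organization role {m.org_role!r}")
    if m.billing_manager and not m.accepted:
        problems.append(f"{m.user}: Billing Manager before invitation accepted")
    for app, role in m.app_roles.items():
        if role is not None and role not in APP_ROLES:
            problems.append(f"{m.user}: unknown role {role!r} on {app}")
    return problems

def access_review(members, apps):
    """Map (user, app) -> effective role, plus who can see each app's access list."""
    roles = {(m.user, a): r for m in members for a in apps
             if (r := effective_app_role(m, a))}
    can_see_access = sorted(k for k, r in roles.items() if r == "Admin")
    return roles, can_see_access

# Constructed sample data
MEMBERS = [
    Membership("alice", "Admin", accepted=True),
    Membership("bob", "Member", accepted=True, app_roles={"web": None, "api": "Observer"}),
    Membership("carol", "Member", accepted=True, billing_manager=True),
    Membership("dave", "Member", accepted=False, billing_manager=True, app_roles={"web": "Admin"}),
]
APPS = ["web", "api"]
```

Running `access_review(MEMBERS, APPS)` shows that an Organization Admin appears as Admin on every application without any per-application assignment, which is the entry most often missed when reviewing who can see an application's access list.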