Roles & permissions

The five roles, the exact capabilities each grants, and how access is actually enforced.

The event staff list

Every member has exactly one role per organization, ordered most → least privileged: owner → admin → editor → check-in → viewer. Each role maps to a fixed set of capabilities; the principle to follow is least privilege - give someone the smallest role that still lets them do their job.

Capabilities by role

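| Capability | Owner | Admin | Editor | Check-in | Viewer |
|---|---|---|---|---|---|
| Edit events, tickets, forms, promo, seating | Yes | Yes | Yes | - | - |
| Run check-in | Yes | Yes | Yes | Yes | - |
| View reports & exports | Yes | Yes | Yes | - | Yes |
| Manage team (invite/remove/roles) | Yes | Yes | - | - | - |
| Manage billing & plan | Yes | Yes | - | - | - |
| Connect/disconnect payments | Yes | Yes | - | - | - |
| Org settings (profile, branding, notifications) | Yes | Yes | - | - | - |
| Delete the organization | Yes | - | - | - | - |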

Role summaries

  • Owner - everything, including deleting the organization. Typically the founder/account holder.
  • Admin - everything except deleting the org.
  • Editor - builds and runs events (content + check-in + reports), but no team, billing, integrations, or settings.
  • Check-in - door staff; admit attendees only.
  • Viewer - read-only visibility (reports/attendees); no changes succeed.

How it's enforced

Permissions are enforced in depth, not just hidden in the UI: navigation is filtered to your capabilities, server actions re-check on every write, and the database's row-level security is the final backstop - so a viewer's write fails even if the button were somehow reached.
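
The first two layers described above, sketched as an added example (not the product's own code): the capability matrix from the table, a navigation filter, and a server-side guard that re-checks on every write. Capability keys, function names, and the sample members are assumptions made for illustration; the database row-level security layer is not shown.

```javascript
// Capability matrix transcribed from the "Capabilities by role" table above.
// The capability keys and every function name here are hypothetical labels.
const ALL = ["edit_content", "run_checkin", "view_reports", "manage_team",
  "manage_billing", "manage_payments", "org_settings", "delete_org"];
const ROLE_CAPABILITIES = new Map([
  ["owner", ALL],
  ["admin", ALL.filter((c) => c !== "delete_org")],
  ["editor", ["edit_content", "run_checkin", "view_reports"]],
  ["check-in", ["run_checkin"]],
  ["viewer", ["view_reports"]],
]);

// Deny by default: an unknown role or capability is never allowed.
function can(role, capability) {
  return (ROLE_CAPABILITIES.get(role) ?? []).includes(capability);
}

// Layer 1 (UI): hide navigation the member cannot use. Convenience, not a control.
function filterNav(role, navItems) {
  return navItems.filter((item) => can(role, item.requires)).map((item) => item.label);
}

// Layer 2 (server): re-check on every write. The role comes from the server-side
// membership lookup, never from anything the client sends.
function guardedAction(capability, lookupRole, handler) {
  return (session, payload) => {
    const role = lookupRole(session.orgId, session.userId);
    if (!can(role, capability)) {
      return { ok: false, status: 403, error: `${role ?? "non-member"} lacks ${capability}` };
    }
    return { ok: true, status: 200, result: handler(payload) };
  };
}

// Constructed sample data: one organization, three members.
const MEMBERS = new Map([["org1:alice", "owner"], ["org1:sam", "check-in"], ["org1:dana", "viewer"]]);
const lookupRole = (orgId, userId) => MEMBERS.get(`${orgId}:${userId}`);
const NAV = [
  { label: "Events", requires: "edit_content" },
  { label: "Check-in", requires: "run_checkin" },
  { label: "Reports", requires: "view_reports" },
  { label: "Team", requires: "manage_team" },
];
const updateEvent = guardedAction("edit_content", lookupRole, (p) => ({ updated: p.eventId }));

// A viewer calling the action directly, with a forged role field, is still refused.
const forged = updateEvent({ orgId: "org1", userId: "dana" }, { eventId: 7, role: "owner" });
console.log(filterNav("viewer", NAV), forged.status); // [ 'Reports' ] 403
```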

Use Check-in for door staff at an event and Viewer for stakeholders (sponsors, finance) who need numbers but must not change anything.