Permissions matrix
The table below shows all available permissions and which roles have them:| Permission | owner | manager | trainer | attendant | member |
|---|---|---|---|---|---|
| manage_billing — Access and edit plans and payments | ✅ | — | — | — | — |
| manage_company — Edit company data and general settings | ✅ | ✅ | — | — | — |
| manage_agents — Create, edit, and delete agents and squads | ✅ | ✅ | ✅ | — | — |
| access_conversations — View and interact with service conversations | ✅ | ✅ | ✅ | ✅ | ✅ |
| invite_users — Invite new members and manage the team | ✅ | ✅ | — | — | — |
| view_reports — Access analytics dashboards and exports | ✅ | ✅ | — | — | — |
| manage_team — Change roles, deactivate, and remove members | ✅ | ✅ | — | — | — |
The owner has unrestricted access to all features by definition, regardless of the matrix. All other roles follow exactly the mapping above.
How permissions are checked
For every action performed in the interface, the platform queries theuseRoleAccess hook, which keeps the user’s role in memory after login. The check happens at two levels:
- Interface — buttons, menus, and pages are shown or hidden based on the user’s role. An attendant does not see the “Invite member” option in the menu.
- Backend (RLS) — all database tables have Row Level Security enabled. Even if someone tries to access data directly via API, the database policies block unauthorized access.
Role breakdown
owner
owner
Role automatically assigned to the account creator. Has access to everything: billing, company settings, agents, team, workspaces, API keys, analytics, and conversations. There can only be one owner per company. Ownership transfer is handled by support.
manager
manager
High-level operational role. Can manage everything except billing. Ideal for operations managers and team leads who need autonomy without access to financial information.
trainer
trainer
Focused on configuring and training agents. Can create, edit, and delete agents and squads, view conversations for quality analysis, but cannot manage members or view analytics reports.
attendant
attendant
Intended for human agents. Has access only to conversations for manual support when needed. Cannot see settings, agents, or analytics.
member
member
Minimum access for viewing conversations. Useful for observers, stakeholders, or team members who need to follow the service without interacting with settings.