Angelica Angelis

Custom roles 

INCLUDED IN
This feature is included in our Enterprise plan, and available as a paid add-on in our Business plan.

With custom roles, you can create tailored permission sets to better match your organization’s needs. This allows you to enhance security, streamline workflows, and ensure that users only have access to the features and data they need.

There are predefined roles that cannot be edited. These roles are locked (indicated by a padlock icon) and are designed to help you get started. With custom roles, you can go beyond these limitations and combine both account and workspace permissions into a single role.

Create a custom role

Create a unique role and tailor exactly which permissions it should include.

When creating a custom role, no permissions are enabled by default. You need to manually select all permissions you want the role to include.

  1. Go to Admin > Roles > click on "+ Create role"
  2. Name the role > click on the tab Permissions > Toggle on the permissions you want to activate > Confirm.

Permission labels

Each permission is marked with a label that shows where the permission can be applied. These labels help you understand in which context the permission will take effect.

For example, a permission with the label Account will not have any effect if the role is assigned only to a workspace. However, if you assign the same role at the account level, the user will be able to use that permission as intended.

Account: Permissions with the Account label can be applied at the account level (via Account access).
Organizational unit: Permissions with the Organizational unit label can be applied to a specific organizational unit (via Organizational unit access).
Workspace: Permissions with the Workspace label can be applied only to a workspace (via Workspace access).
Account, Organizational unit or Workspace: Can be applied at any of these levels.
   
NOTE
The label determines where the permission can take effect. If a role is assigned in a context where the permission does not apply, that permission will not have any effect.

Account, organizational unit, or workspace access

Once you’ve created a custom role and selected its permissions, you can assign it to a user or group and choose where the role should apply.

You can grant access at three levels:

Account level
Gives the user or group access across the entire account. If the role includes permissions labeled Workspace or Account and Workspace, the user or group gets those permissions in all organizational units and all workspaces on the account.

Organizational unit level
Gives the user or group access to a specific organizational unit and everything below it in the hierarchy. This includes any sub-organizational units and the workspaces connected to them.

Access is not applied upwards in the hierarchy. This means the user or group does not get access to parent organizational units or other units outside that branch.

Workspace level
Gives the user or group access only to a specific workspace.
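
The label and access-level rules above can be checked before a role is assigned. The following is an added example, not code from the product: it is a simplified model in which a permission takes effect on every node of a matching level at or below the point of assignment (an assumption based on the descriptions above), and the hierarchy, role, and permission names are constructed for illustration.

```python
# Added example: simplified model of the scoping rules in this article,
# not the product's API. All names below are constructed for illustration.

# Constructed hierarchy: child -> parent. The account is the root.
PARENT = {
    "ou-emea": "account",
    "ou-emea-nordics": "ou-emea",
    "ou-apac": "account",
    "ws-stockholm": "ou-emea-nordics",
    "ws-paris": "ou-emea",
    "ws-tokyo": "ou-apac",
}

def kind(node):
    """Level of a node, derived from the constructed naming scheme."""
    if node == "account":
        return "Account"
    return "Organizational unit" if node.startswith("ou-") else "Workspace"

def in_scope(node, assigned_at):
    """True if node is assigned_at or below it; access never flows upward."""
    while node is not None:
        if node == assigned_at:
            return True
        node = PARENT.get(node)
    return False

def effective(role, assigned_at, target):
    """Permissions of `role` (name -> set of labels) that take effect on
    `target` when the role is assigned at `assigned_at`."""
    if not in_scope(target, assigned_at):
        return set()
    return {p for p, labels in role.items() if kind(target) in labels}

def inert(role, assigned_at):
    """Permissions that take effect nowhere under this assignment."""
    nodes = {"account", *PARENT}
    live = set().union(*(effective(role, assigned_at, n) for n in nodes))
    return set(role) - live

# Constructed role: permission name -> labels it carries.
ROLE = {
    "manage_users": {"Account"},
    "manage_unit": {"Organizational unit"},
    "edit_content": {"Workspace"},
    "view_reports": {"Account", "Organizational unit", "Workspace"},
}
```

Running `inert(ROLE, "ws-paris")` lists the permissions that would have no effect if this role were assigned only at that workspace, which is a quick way to spot a role assigned in the wrong context.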

🔗 Click here to read more about how to grant access to account and workspaces
