Roles & Permissions
An overview of user roles & permissions for access control.
Overview
Kognitos uses a role-based access control (RBAC) system to manage who can access your automations and what actions they can perform. Roles can be assigned at two levels:
Organization: Grants access and permissions across all workspaces in the organization
Workspace: Limits access and permissions to a specific workspace in the organization
Organization-Level Roles
Organization-level roles provide broad access across all workspaces in an organization. These roles are designed for executives and administrators who need organization-wide visibility and control.
1. Account Owner
Has complete administrative control over the entire organization and all its workspaces.
This role is automatically assigned to whoever owns the organization. Ownership can be transferred by either the current owner or the Kognitos support team.
2. Org Admin
Has near-complete administrative access across the organization and all its workspaces, except the Org Admin cannot delete the organization or remove the current Account Owner.
3. CXO
Provides high-level, read-only oversight across the organization. It is designed for executives who need visibility into performance and metrics without operational access.
Organization-Level Permissions
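| Permission | Account Owner | Org Admin | CXO |
| --- | --- | --- | --- |
| View Workspaces | ✅ | ✅ | ✅ |
| Create Workspaces | ✅ | ✅ | ❌ |
| Edit Workspaces | ✅ | ✅ | ❌ |
| Delete Workspaces | ✅ | ✅ | ❌ |
| Delete Organization | ✅ | ❌ | ❌ |
| Manage Users (Add, Edit, Remove) | ✅ | ✅ | ❌ |
| Manage Org Preferences | ✅ | ✅ | ❌ |
| View Automation Aggregates | ✅ | ✅ | ✅ |
| View Automation Runs | ✅ | ✅ | ✅ |
| Manage Org-Level API Keys | ✅ | ✅ | ❌ |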
Workspace-Level Roles
Workspace-level roles are scoped to individual workspaces. Users can have different roles across different workspaces based on their responsibilities in the automation workflow.
1. Workspace Admin
Complete control within a workspace, including automations, exceptions, guides, and connections.
2. Automation Author
Focused on developing and testing automations. Can create, edit, fork, restore, validate, publish, and invoke automations.
3. Automation Operator
Focused on day-to-day execution. Can run and monitor automations, manage runs, resolve exceptions, and read guides, but cannot modify automations.
4. Member
This role has limited access to invoke automations and observe their execution. It can view runs and exceptions, but it cannot create, modify, publish, schedule, delete, or configure any system resource.
5. IT / Integrator
Manages integrations, connections, and credentials. Has no access to automation logic or exceptions, ensuring clear separation between integration management and process execution.
Workspace-Level Permissions
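| Permission | Workspace Admin | Automation Author | Automation Operator | Member | IT / Integrator |
| --- | --- | --- | --- | --- | --- |
| Edit/Delete Workspace | ✅ | ❌ | ❌ | ❌ | ❌ |
| Manage Users (Add, Edit, Remove) | ✅ | ❌ | ❌ | ❌ | ❌ |
| View Connections | ✅ | ✅ | ❌ | ❌ | ✅ |
| Manage Connections (Add, Edit, Remove) | ✅ | ❌ | ❌ | ❌ | ✅ |
| Manage Books (Add, Edit, Remove) | ✅ | ❌ | ❌ | ❌ | ✅ |
| View Automations | ✅ | ✅ | ✅ | ✅ | ❌ |
| Create Automations | ✅ | ✅ | ❌ | ❌ | ❌ |
| Edit Automations | ✅ | ✅ | ❌ | ❌ | ❌ |
| Delete Automations | ✅ | ✅ | ❌ | ❌ | ❌ |
| Fork Automations | ✅ | ✅ | ❌ | ❌ | ❌ |
| Publish Automations | ✅ | ✅ | ❌ | ❌ | ❌ |
| Invoke Automations | ✅ | ✅ | ✅ | ✅ | ❌ |
| View Runs | ✅ | ✅ | ✅ | ✅ | ❌ |
| Manage Runs (Start, Control) | ✅ | ✅ | ✅ | ❌ | ❌ |
| Manage Schedules (Create, Edit, Delete) | ✅ | ✅ | ❌ | ❌ | ❌ |
| View Exceptions | ✅ | ✅ | ✅ | ✅ | ❌ |
| Manage Exceptions (Control, Resolve) | ✅ | ✅ | ✅ | ❌ | ❌ |
| View Guides | ✅ | ✅ | ✅ | ❌ | ❌ |
| Manage Guides (Create, Edit, Delete) | ✅ | ✅ | ❌ | ❌ | ❌ |
| Manage API Keys (Add, Edit, Revoke) | ❌ | ❌ | ❌ | ❌ | ✅ |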
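The workspace-level matrix can be used to pick the least-privileged role for a given job. The following is an added example, not Kognitos code or a Kognitos API: it transcribes the table into data and returns the single role that covers a set of required permissions with the fewest extra grants. The names `MATRIX`, `grants` and `least_privileged_role` are hypothetical, and the permission names drop the parenthetical qualifiers from the table.

```python
# Workspace-level permissions transcribed from the table on this page.
# Each string is one table row; column order matches ROLES ("Y" = granted).
ROLES = ["Workspace Admin", "Automation Author", "Automation Operator",
         "Member", "IT / Integrator"]
MATRIX = {
    "Edit/Delete Workspace": "YNNNN",
    "Manage Users":          "YNNNN",
    "View Connections":      "YYNNY",
    "Manage Connections":    "YNNNY",
    "Manage Books":          "YNNNY",
    "View Automations":      "YYYYN",
    "Create Automations":    "YYNNN",
    "Edit Automations":      "YYNNN",
    "Delete Automations":    "YYNNN",
    "Fork Automations":      "YYNNN",
    "Publish Automations":   "YYNNN",
    "Invoke Automations":    "YYYYN",
    "View Runs":             "YYYYN",
    "Manage Runs":           "YYYNN",
    "Manage Schedules":      "YYNNN",
    "View Exceptions":       "YYYYN",
    "Manage Exceptions":     "YYYNN",
    "View Guides":           "YYYNN",
    "Manage Guides":         "YYNNN",
    "Manage API Keys":       "NNNNY",
}

def grants(role):
    """Set of permissions the matrix gives to one workspace role."""
    col = ROLES.index(role)
    return {perm for perm, row in MATRIX.items() if row[col] == "Y"}

def least_privileged_role(needed):
    """Return (role, excess_permissions) for the covering role with the
    fewest extra grants, or None when no single role covers the request."""
    needed = set(needed)
    unknown = needed - set(MATRIX)
    if unknown:
        raise ValueError(f"not in the matrix: {sorted(unknown)}")
    covering = [(len(grants(r) - needed), r) for r in ROLES if needed <= grants(r)]
    if not covering:
        return None  # e.g. the request mixes API-key and automation access
    _, role = min(covering)
    return role, sorted(grants(role) - needed)
```

A `None` result marks a request that crosses the separation the table enforces, such as asking for both Manage API Keys and View Automations.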

