> ## Documentation Index
> Fetch the complete documentation index at: https://tinytalk.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Roles & Permissions

> Control what team members can do with role-based access.

Tiny Talk uses role-based access control (RBAC) to manage what each team member can do within a workspace. There are four roles, each with increasing levels of access.

## Roles overview

| Role       | Description                                                                                                                                                   |
| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Owner**  | Workspace creator. Full control including billing, member removal, and deletion.                                                                              |
| **Admin**  | Manages workspace settings, agents, knowledge bases, and can invite members and update roles. Cannot remove members, delete the workspace, or access billing. |
| **Editor** | Can create and update agents, knowledge bases, and help desk conversations. Cannot manage workspace settings, members, or integrations.                       |
| **Viewer** | Read-only access to all workspace content.                                                                                                                    |

## Permission matrix

| Resource               | Owner | Admin                     | Editor                     | Viewer       |
| ---------------------- | ----- | ------------------------- | -------------------------- | ------------ |
| **Agents**             | Full  | Full                      | Create, Read, Update       | Read         |
| **Knowledge Base**     | Full  | Full                      | Create, Read, Delete       | Read         |
| **Tools**              | Full  | Full                      | Create, Read, Update, Test | Read         |
| **Help Desk**          | Full  | Full                      | Full                       | Read         |
| **Integrations**       | Full  | Full                      | Read                       | Read         |
| **Members**            | Full  | Invite, Read, Update Role | Read                       | Read         |
| **Workspace Settings** | Full  | Full                      | Read                       | Read         |
| **Domains**            | Full  | Full                      | Read                       | Read         |
| **Secrets (API Keys)** | Full  | Full                      | Read                       | Read         |
| **Notifications**      | Full  | Full                      | Read, Update               | Read, Update |
| **Billing**            | Full  | —                         | —                          | —            |
| **Delete Workspace**   | Full  | —                         | —                          | —            |

## Key differences

* **Owner vs Admin** — Only the Owner can manage billing, delete the workspace, and remove members or cancel pending invites. Admins can invite members and update roles but cannot remove them.
* **Admin vs Editor** — Editors can work with agents and knowledge bases but cannot manage members, integrations, workspace settings, or domains.
* **Editor vs Viewer** — Viewers have read-only access. They can see agents, conversations, and resources but cannot create, edit, or delete anything. Both Editors and Viewers can update their own notification preferences.

## Assigning roles

Roles are assigned when [inviting a member](/workspace/workspaces#inviting-team-members). To change a member's role after they've joined:

1. Go to **Workspace → Members**
2. Click **Update Role** next to the member
3. Select the new role and click **Update Role**

Only **Owners** and **Admins** can update member roles. The Owner's role cannot be changed.
