Roles
Roles control what an Account can do inside /org.
The four default roles
| Role | Description | Editable | Deletable |
|---|---|---|---|
| Owner | The super-admin. Visible only to the Owner themselves. | No | No |
| Administrator | Like Owner, but cannot create Administrators. | No | No |
| Default | Empty role with no permissions. Used as a fallback: when a custom role is deleted, every account that had it gets reassigned to Default. | No | No |
| Developer | Designed for flow developers. Default permissions are empty — edit it to grant what your developers need. | Yes — only its permissions | No |
The pattern: defaults can't be deleted; only Developer's permission set can be edited. Custom roles you create on top of these can be edited and deleted freely.
Creating a custom role
Roles → Create opens a form with one field:
- Role title
After submission, you're redirected to the edit page where you assign permissions.
Editing a role
Each permission can be set to Read or Write.
Constraint: You cannot grant Write on a permission resource without Read also being granted. Read is the floor.
Logout-on-change rule
When permissions on a role are changed (or the role is deleted), every account that has that role is immediately logged out, so the new permissions are picked up cleanly on next login.
This is intentional: it prevents stale sessions from continuing under permissions the admin already revoked.
Related
- Accounts — accounts pick up permissions through their assigned role.