Skip to main content

Roles

Roles control what an Account can do inside /org.

The four default roles

RoleDescriptionEditableDeletable
OwnerThe super-admin. Visible only to the Owner themselves.NoNo
AdministratorLike Owner, but cannot create Administrators.NoNo
DefaultEmpty role with no permissions. Used as a fallback: when a custom role is deleted, every account that had it gets reassigned to Default.NoNo
DeveloperDesigned for flow developers. Default permissions are empty — edit it to grant what your developers need.Yes — only its permissionsNo

The pattern: defaults can't be deleted; only Developer's permission set can be edited. Custom roles you create on top of these can be edited and deleted freely.

Creating a custom role

Roles → Create opens a form with one field:

  • Role title

After submission, you're redirected to the edit page where you assign permissions.

Editing a role

Each permission can be set to Read or Write.

Constraint: You cannot grant Write on a permission resource without Read also being granted. Read is the floor.

Logout-on-change rule

When permissions on a role are changed (or the role is deleted), every account that has that role is immediately logged out, so the new permissions are picked up cleanly on next login.

This is intentional: it prevents stale sessions from continuing under permissions the admin already revoked.

  • Accounts — accounts pick up permissions through their assigned role.