AC
Acme Co. ↓
Permissions
Capability matrix · what each role can do
| Capability | Owner | Admin | Editor | Viewer | Reviewer | API user |
|---|---|---|---|---|---|---|
| View dashboards | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| View analytics | ✓ | ✓ | ✓ | ✓ | ✗ | API |
| Edit campaigns | ✓ | ✓ | ✓ | ✗ | ✗ | API |
| Edit sequences | ✓ | ✓ | ✓ | ✗ | ✗ | API |
| Edit microsites | ✓ | ✓ | ✓ | ✗ | ✗ | API |
| Approve / reject drafts | ✓ | ✓ | ✓ | ✗ | ✓ | ✗ |
| Run agents manually | ✓ | ✓ | ✓ | ✗ | ✗ | API |
| Pause / kill agents | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Edit agent config | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Manage integrations | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Manage team | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Manage roles | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Manage billing | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Delete workspace | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| View audit log | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Export data | ✓ | ✓ | ✗ | ✓ | ✗ | API |
| API access | ✓ | ✓ | ✓ | ✓ | ✗ | ✓ |
Object-level permissions
Roles can be further constrained at the object level. Examples:
• Editor may only edit sequences they own (owner = creator)
• Viewer can only see deals routed to their territory
• Reviewer queue scoped to a specific sequence variant
• Admin read-only on billing unless promoted to Owner