Members & access
Manage who can see and act inside this workspace. Roles are illustrated in the prototype; enforcement is a planned capability.
Server verifies membership
Every tenant-scoped request is checked server-side. Client-side checks are UX only.
The last Owner cannot be removed
Removed members lose access immediately on next request.
Preview role permissions across Owner, Admin, Operator, and Viewer. Role preview
- AHAmelia Hartamelia@tehrandental.coOwnerActive2 min ago
- DCDaniel Chodaniel@tehrandental.coAdminActive27 min ago
- PRPriya Ramanpriya@tehrandental.coOperatorActive1 hr ago
- MLMarcus Leemarcus@tehrandental.coOperatorActiveYesterday
- SASofia Alvarezsofia@tehrandental.coViewerInvitedInvite pending
- RORenée Okaforrenee@tehrandental.coOperatorSuspended5 days ago
- TVTomás Vidaltomas@tehrandental.coViewerRemoved2 weeks ago
Permission matrix
What each role can do inside a workspace. Visualization only — server is the source of truth.
| Area | Owner | Admin | Operator | Viewer |
|---|---|---|---|---|
| Business settings | ||||
| Members | ||||
| Customers | read | |||
| Conversations | read | |||
| Messages | read | |||
| AI drafts | ||||
| Audit log | read |
Owner
- Full access
- Business settings · Members · Customers · Conversations · Messages · AI drafts · Audit log
Admin
- Full access
- Business settings · Members · Customers · Conversations · Messages · AI drafts
- Read only
- Audit log
Operator
- Full access
- Customers · Conversations · Messages · AI drafts
- Restricted
- Business settings · Members · Audit log
Viewer
- Read only
- Customers · Conversations · Messages
- Restricted
- Business settings · Members · AI drafts · Audit log
Owner
Full workspace access, members and settings. Billing planned.
Admin
Manage settings and members; full access to operations.
Operator
Reply to conversations and manage customers.
Viewer
Read-only access to inbox and customer context.
Safety & access rules
- Last Owner cannot be removed or demoted.
- Removed members lose access immediately.
- Server verifies membership on every tenant-scoped request.
- Client-side checks are UX only — never trusted for authorization.
- Suspended members keep records but cannot access the workspace. Auth planned.
- Role changes are written to the audit log.