Internal demo
Role-Based Access Preview
Preview how Owner, Admin, Operator, and Viewer experience the same workspace.
Client-side role previews are for UX only. Server-side authorization must enforce all permissions. Every tenant-scoped request is verified server-side.
Current mock user
Switch roles to preview the workspace.
- Role
- Owner
- Status
- Active
- Permission level
- Full access
Full workspace access. Can manage members, settings, channels, and AI.
Permission summary
What Owner can do across the workspace.
- Reply to conversationsAllowed
- Assign conversationsAllowed
- Close conversationsAllowed
- Add internal notesAllowed
- View customersAllowed
- Edit customersAllowed
- Invite membersAllowed
- Change member rolesAllowed
- Manage workspace settingsAllowed
- Configure AI settingsAllowed
- Configure AI settingsAllowed
- Reply to conversationsAllowed
- View audit logAllowed
- Export dataAllowed
- Configure channelsAllowed
Permission matrix
Full capability list. Highlighted column = current preview role.
| Capability | Owner | Admin | Operator | Viewer |
|---|---|---|---|---|
| View dashboard | Allowed | Allowed | Allowed | Allowed |
| View inbox | Allowed | Allowed | Allowed | Allowed |
| Reply to conversations | Allowed | Allowed | Allowed | Not allowed |
| Assign conversations | Allowed | Allowed | Partial | Not allowed |
| Close conversations | Allowed | Allowed | Partial | Not allowed |
| Add internal notes | Allowed | Allowed | Allowed | Not allowed |
| View customers | Allowed | Allowed | Allowed | Allowed |
| Edit customers | Allowed | Allowed | Allowed | Not allowed |
| Invite members | Allowed | Allowed | Not allowed | Not allowed |
| Change member roles | Allowed | Partial | Not allowed | Not allowed |
| Configure channels | Allowed | Allowed | Not allowed | Not allowed |
| Configure AI settings | Allowed | Allowed | Not allowed | Not allowed |
| Manage knowledge base | Allowed | Allowed | Not allowed | Not allowed |
| View audit log | Allowed | Allowed | Partial | Not allowed |
| Export data | Allowed | Allowed | Not allowed | Not allowed |
| Manage workspace settings | Allowed | Partial | Not allowed | Not allowed |
- View dashboardAllowedAllowed
- View inboxAllowedAllowed
- Reply to conversationsAllowedAllowed
- Assign conversationsAllowedAllowed
- Close conversationsAllowedAllowed
- Add internal notesAllowedAllowed
- View customersAllowedAllowed
- Edit customersAllowedAllowed
- Invite membersAllowedAllowed
- Change member rolesAllowedAllowed
- Configure channelsAllowedAllowed
- Configure AI settingsAllowedAllowed
- Manage knowledge baseAllowedAllowed
- View audit logAllowedAllowed
- Export dataAllowedAllowed
- Manage workspace settingsAllowedAllowed
Role-specific preview — Owner
How the workspace behaves for the selected role. All actions are mock-only.
Inbox actions
Workspace actions
Read-only form field
Editable for this role.
Locked setting row
Only the current Owner can transfer ownership.
Full IP/device metadata is restricted.
Access denied examples
How blocked actions surface to the user.
- Required:
- Operator
- Current:
- Viewer
Viewer is read-only and cannot send replies.
Next step: Ask an Operator or Admin to send the reply.
- Required:
- Admin
- Current:
- Viewer
Export is restricted to Owner and Admin.
Next step: Request the export from a workspace Admin.
- Required:
- Admin
- Current:
- Operator
Operators cannot manage workspace settings.
Next step: Ask an Admin or Owner to change the setting.
- Required:
- Admin
- Current:
- Operator
Operators cannot invite members.
Next step: Request an invite from an Admin or Owner.
- Required:
- Owner
- Current:
- Admin
Only the current Owner can transfer ownership.
Next step: Ask the workspace Owner to initiate the transfer.
Want to see how this connects to members and settings?