Yes, but only the current Owner can do this. Note that you can only have one Owner, so the current Owner would need to transfer ownership, which requires contacting support.
Roles and Permissions
Ansehn uses a two-tier role-based access control (RBAC) system that provides granular control over what users can do within your organization. This guide will help you understand the available roles, their permissions, and how to effectively manage access for your team.
Inviting users to your Organization
For detailed information on inviting users to Ansehn, please visit our Invite users page.
Two-Tier Role System
Ansehn operates on two levels:
Organization Role: Your baseline role in the organization (controls access to billing, team management, and organization settings)
Project Role: Project-specific roles that can differ from your organization role
This separation allows for flexible access control where users can have different roles for different projects while maintaining a consistent organization role.
Available Roles
Ansehn provides four distinct roles, each designed for specific use cases:
Role | Best For | Key Capabilities |
|---|---|---|
Owner | Founders, executives | Full access including billing, team management, and all features |
Admin | Managers, directors | Project management, team invitations, analytics (limited org management) |
Agency | External partners, consultants | Full project access with collaboration capabilities |
Viewer | Stakeholders, read-only users | View-only access to projects and analytics |
Project Role Overrides
One of Ansehn's most powerful features is the ability to grant users different roles for specific projects. This allows for fine-grained access control tailored to your organizational structure.
How It Works
A user's effective permissions for a project are determined by resolving:
Organization Role (baseline): Their default role in the organization
Project Role (override): A project-specific role that can differ from their org role
The project role completely overrides the organization role for that specific project, granting the permissions associated with the project role instead.
Example Scenarios
Scenario 1: Elevated Project Access
User Sarah
- Organization Role: Viewer
- Project Role "Client Project A": Admin
- Project Role "Client Project B": No Access
Result:
- Has no access to Organization settings
- Has full Admin access to "Client Project A"
- "Client Project B" does not even appear in the project listEffective Result: User Sarah has Admin permissions on Project "Client Project A", Viewer permissions everywhere else, and no access to "Client Project B".
Understanding Roles vs. Permissions
Roles and Permissions are related but distinct concepts:
Roles: Labels assigned to users (Owner, Admin, Agency, Viewer)
Permissions: Specific capabilities granted by those roles (canCreateProjects, canEditMonitors, etc.)
The relationship: Role → Grants → Permissions
For example, the Admin role automatically grants permissions like canCreateMonitors, canEditPrompts, canViewAnalytics, etc.
Permission Comparison Matrix
Organization-Level Permissions
Permission | Owner | Admin | Agency | Viewer |
|---|---|---|---|---|
Organization Management | ||||
View organization settings | ✅ | ✅ | ❌ | ❌ |
Edit organization settings | ✅ | ✅ | ❌ | ❌ |
Delete organization | ✅ | ❌ | ❌ | ❌ |
Manage API keys | ✅ | ❌ | ❌ | ❌ |
Configure integrations | ✅ | ✅ | ❌ | ❌ |
Billing & Subscriptions | ||||
View billing information | ✅ | ✅ | ❌ | ❌ |
Manage subscriptions | ✅ | ✅ | ❌ | ❌ |
Team Management | ||||
View team members | ✅ | ✅ | ✅ | ✅ |
Invite users | ✅ | ✅ | ❌ | ❌ |
Change user roles | ✅ | ✅ | ❌ | ❌ |
Remove users | ✅ | ❌ | ❌ | ❌ |
Deactivate users | ✅ | ❌ | ❌ | ❌ |
Project Management | ||||
Create projects | ✅ | ✅ | ✅ | ❌ |
Delete projects | ✅ | ✅ | ❌ | ❌ |
Project-Level Permissions
Permission | Owner | Admin | Agency | Viewer |
|---|---|---|---|---|
Project Access | ||||
View projects | ✅ | ✅ | ✅ | ✅ |
Edit projects | ✅ | ✅ | ✅ | ❌ |
Monitors | ||||
View monitors | ✅ | ✅ | ✅ | ✅ |
Create monitors | ✅ | ✅ | ✅ | ❌ |
Edit monitors | ✅ | ✅ | ✅ | ❌ |
Delete monitors | ✅ | ✅ | ❌ | ❌ |
Prompts | ||||
View prompts | ✅ | ✅ | ✅ | ✅ |
Create prompts | ✅ | ✅ | ✅ | ❌ |
Edit prompts | ✅ | ✅ | ✅ | ❌ |
Delete prompts | ✅ | ✅ | ❌ | ❌ |
Execute prompts | ✅ | ✅ | ✅ | ❌ |
Analytics & Data | ||||
View analytics | ✅ | ✅ | ✅ | ✅ |
Export data | ✅ | ✅ | ✅ | ❌ |
View competitor data | ✅ | ✅ | ✅ | ✅ |
Access advanced analytics | ✅ | ✅ | ✅ | ❌ |
User Interface Behavior
Permission-Restricted Actions
When a user lacks permission for an action, Ansehn provides clear visual feedback:
Buttons remain visible but appear disabled with a lock icon
Hovering over disabled buttons displays a tooltip explaining why the action is unavailable
The tooltip includes the user's effective role and suggests contacting an admin for access
This design ensures users:
Know which features exist (discoverability)
Understand why they can't access them (education)
Know who to contact for elevated access (actionability)
Example Tooltip
"Viewer role cannot create prompts. Contact an admin to request access."
Best Practices
Role Assignment Guidelines
Start Conservative, Promote Gradually
New User → Viewer → Agency → Admin → OwnerBegin with minimal access and increase permissions as trust and needs grow.
Use Project Overrides Strategically
Client-specific access: Give external partners access only to their projects
Confidential projects: Restrict access even for high-level roles
Training projects: Give elevated access to specific projects for learning
Role Selection by Use Case
Use Case | Recommended Role | Project Overrides |
|---|---|---|
External marketing agency | Agency | Admin on client projects |
Freelance consultant | Viewer | Admin on specific project |
Client stakeholder | Viewer | Viewer on their project only |
Department head | Admin | Admin on all department projects |
Executive oversight | Viewer | Viewer on all projects |
Finance/billing admin | Owner | N/A (needs org-level access) |
New employee (onboarding) | Viewer | Gradually add project access |
Security Recommendations
Regular Audits
Review team members quarterly
Remove inactive users promptly
Verify role assignments match current responsibilities
Check project-specific permissions for accuracy
Principle of Least Privilege
Grant minimum necessary permissions
Use project overrides to limit access
Avoid making everyone an Admin
External Collaboration
Use Agency role for external partners
Apply project-specific permissions for client work
Set project role to None for confidential projects
Review external access during offboarding
Invitation Management
Monitor pending invitations
Expire and resend stale invitations
Verify email addresses before sending
Document who invited whom (automatic audit trail)
FAQ and Troubleshooting
Can a user be promoted to Owner?
Can project permissions grant more access than organization role?
Yes! This is a key feature. A Viewer at the organization level can have Admin access to specific projects through project role overrides.
What happens when a user is deactivated?
User immediately loses access to the organization
All historical data remains intact
Project assignments are preserved
Can be reactivated by the Owner by contacting support.
Can Agency users invite other Agency users?
No. Only Owners and Admins can invite new team members.
Do project permissions affect billing access?
No. Billing access is purely organization-level. Only Owners and Admins can view/manage billing regardless of project permissions.
Can I have multiple Owners?
No. Only one Owner per organization is enforced by the system for security and accountability. Consider using the Admin role for additional leadership team members
What happens to projects when the Owner leaves?
Projects remain intact as they belong to the organization, not individual users. You'll need to assign a new Owner (contact support for ownership transfer).
I can't invite team members
Check: Your role must be Owner or Admin
Solution: Ask an Owner or Admin to invite the user, or request a role upgrade
A user can't see a specific project
Check: Project-specific permissions might be set to "None"
Solution: Navigate to Settings → Team → Edit user → Update project permissions
A user has too much access to a project
Check: Either organization role is too high or project override is too permissive
Solution: Either lower org role or add project-specific restriction
An invitation has expired
Check: Invitations expire after 7 days
Solution: Resend invitation from Settings → Team → Pending Invitations
Was this helpful?