Gradial permissions are structured at two levels:
- Organization Roles (master permissions across all workspaces) — define a user’s global access to Gradial.
- Workspace Roles (granular permissions within a workspace) — define what a user can do inside a specific workspace.
Organization Roles (Master Permissions)
| Role | Primary User - Can Delete Org | Manage Integrations & Environments | Manage Users & Permissions | Manage Organization - Level Rules | Manage Organization - Level Design System | Create, Edit, & Run Tasks (in Public Workspaces) | View Tasks (in Public Workspaces) |
|---|---|---|---|---|---|---|---|
| Org Owner (single individual) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Org Admin (max 10) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Org Member | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Org Viewer | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
- **Org Owner **is the primary Gradial user (super-admin). This ownership can be transferred but there can only ever be one Owner. This person holds the sole rights to delete the organization and permissions should be carefully managed accordingly.
- Org Admins have full access everywhere (all public + private workspaces), but cannot delete the organization.
- Org Members and Org Viewers have automatic access to public workspaces, but must be explicitly added to private workspaces.
Workspace Roles (Per Workspace)
| Role | Delete Workspace | Assign Default Environments | Manage Workspace Users & Permissions | Create, Edit, & Run Tasks | Create & Edit Workspace Rules | Create & Edit Workspace Design System | View Org & Workspace Rules & Design System | View Workspace Tasks |
|---|---|---|---|---|---|---|---|---|
| Org Owner (single individual) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Org Admin (max 10) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Workspace Admin (max 10) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Rules Manager | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Design System Manager | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ |
| Workspace Member | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ |
| Workspace Viewer | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
- Org Admins inherit full workspace rights automatically.
- Org Members and **Org Viewers **gain access to all public workspaces; they must be added to private workspaces.
How to Modify Roles
Modify Organization Roles
- Go to Management Console → Users.
- Find the user and select Edit Role.
- Choose Org Admin, Org Member, or Org Viewer.
- Save — changes apply across the whole organization.
Modify Workspace Roles
- Open the target Workspace → Settings → Members.
- Locate the user (or invite a new one).
- Assign them a workspace role (Org Admin, Workspace Admin, Rules Manager, Design System Manager, Member, or Viewer).
- Save — changes apply only within that workspace.
Quick Notes
- There can only ever be one “Owner” and that ownership must be transferred.
- Org Admins always override workspace roles — they don’t need to be added at the workspace level.
- Rules Manager and Design System Manager are specialist contributor roles: they can create/run tasks in addition to their specific management rights.