User Roles & Permissions

Learn how to manage access control and permissions in Custojo

Custojo's role-based access control system allows you to define who can access what within your organization. This guide covers everything you need to know about managing user roles and permissions effectively.

Secure Your Workspace

Properly configured roles and permissions are essential for maintaining security and operational efficiency. By assigning appropriate access levels to different users, you can ensure that team members have exactly the access they need—no more, no less.

Understanding Roles and Permissions

Key Concepts

Before diving into the specifics, it's important to understand the difference between roles and permissions:

  • Roles: Predefined sets of permissions assigned to users (e.g., Administrator, Manager, Member)
  • Permissions: Specific actions a user can perform (e.g., create projects, view reports, manage users)
  • Access Control: The system that enforces these permissions throughout the application

Custojo uses a hierarchical permission system where higher-level roles inherit all permissions from lower-level roles, plus additional capabilities.

Default User Roles

Owner

Highest level of access

The Owner has complete control over the entire workspace, including billing, subscription management, and the ability to delete the workspace. There can only be one Owner per workspace.

Key Capabilities:

  • Manage billing and subscription
  • Delete or transfer workspace ownership
  • Access all features and settings
  • Create and manage all roles
  • Add/remove any user

Administrator

Extensive management capabilities

Administrators have broad access to manage most aspects of the workspace, excluding billing and workspace deletion. They can configure settings, manage users, and oversee all projects.

Key Capabilities:

  • Configure workspace settings
  • Manage users and roles
  • Access all projects and data
  • Create and manage custom roles
  • Cannot access billing or delete workspace

Manager

Project-level control

Managers can create and oversee projects, add team members to projects they manage, and access most workspace features. They cannot modify workspace-level settings or manage billing.

Key Capabilities:

  • Create and manage projects
  • Add/remove users from their projects
  • Access reports and analytics
  • Manage project settings
  • Cannot modify workspace settings

Member

Standard user access

Members are standard users who can access projects they're assigned to, create and edit tasks, and collaborate with team members. They have limited administrative capabilities.

Key Capabilities:

  • Access assigned projects
  • Create and edit tasks
  • Upload and manage files
  • Track time on tasks
  • Participate in discussions

Guest

Limited, view-only access

Guests have restricted access to specific projects they've been invited to. They can view content but cannot create or modify most items. This role is ideal for clients or external stakeholders.

Key Capabilities:

  • View specific projects only
  • Add comments (if enabled)
  • Download shared files
  • Cannot create tasks or projects
  • Cannot access workspace settings

Pro Tip: Start with the principle of least privilege—assign users the minimum access level they need to perform their job functions. You can always upgrade permissions later if necessary.
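
The hierarchy described under Key Concepts and the least-privilege tip above can be modelled together. This is an added example, not Custojo code: the role names and capability strings are taken from the Key Capabilities lists, while the data layout, function names and the `max_excess` threshold are assumptions made for illustration.

```python
# Added illustration. Role names and capability strings come from the page's
# "Key Capabilities" lists; this data layout is an assumption, not Custojo's API.
ROLE_ORDER = ["Guest", "Member", "Manager", "Administrator", "Owner"]

# Capabilities each role adds on top of everything the roles below it grant.
ADDED = {
    "Guest": {"view specific projects", "add comments", "download shared files"},
    "Member": {"access assigned projects", "create and edit tasks",
               "upload and manage files", "track time on tasks",
               "participate in discussions"},
    "Manager": {"create and manage projects", "add/remove users from their projects",
                "access reports and analytics", "manage project settings"},
    "Administrator": {"configure workspace settings", "manage users and roles",
                      "access all projects and data",
                      "create and manage custom roles"},
    "Owner": {"manage billing and subscription",
              "delete or transfer workspace ownership"},
}


def effective_permissions(role):
    """Own capabilities plus those inherited from every lower role."""
    perms = set()
    for name in ROLE_ORDER[: ROLE_ORDER.index(role) + 1]:
        perms |= ADDED[name]
    return perms


def least_privileged_role(required):
    """Return (lowest default role covering `required`, excess capabilities)."""
    required = set(required)
    unknown = required - effective_permissions("Owner")
    if unknown:
        raise ValueError(f"unknown capabilities: {sorted(unknown)}")
    for role in ROLE_ORDER:
        granted = effective_permissions(role)
        if required <= granted:
            return role, granted - required


def needs_custom_role(required, max_excess=5):
    """True when even the best-fitting default role over-grants too much."""
    _, excess = least_privileged_role(required)
    return len(excess) > max_excess


if __name__ == "__main__":
    role, excess = least_privileged_role({"access reports and analytics"})
    print(role, len(excess), needs_custom_role({"access reports and analytics"}))
```

A user who only needs reports lands on Manager and inherits every Guest, Member and Manager capability along with it, which is the situation where a custom role is the better fit.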

Managing User Roles

Assigning and Changing Roles

  1. Go to Workspace Settings

    Click on the gear icon in the workspace navigation menu.

  2. Select "Members"

    Navigate to the Members tab in the settings menu.

  3. Invite New Members

    Click "Invite Members" to add new users.

  4. Select Role

    Choose the appropriate role from the dropdown menu for each new user.

  5. Send Invitations

    Click "Send Invites" to email invitations with the assigned roles.

Creating Custom Roles

When to Create Custom Roles

Default roles work for most organizations, but custom roles can be valuable when:

  • Specialized Teams

    Teams need access to specific features only

  • Complex Workflows

    Workflows require granular permission control

  • Temporary Access

    Users need time-limited access to certain features

  • External Collaborators

    Partners need more access than guests but less than members

Creating a Custom Role

  1. Go to Workspace Settings > Roles & Permissions

  2. Click "Create New Role"

  3. Name the role and add a description

  4. Configure permissions by category:

    • Projects & Tasks
    • Team Management
    • Financial
    • Reports & Analytics
    • Settings & Configuration

  5. Save the new role

Permission Categories

Understanding Permission Categories

Custojo organizes permissions into logical categories to make role configuration more intuitive:

Controls what users can do with projects and tasks:

  • View Projects: Can see projects they have access to
  • Create Projects: Can create new projects
  • Edit Projects: Can modify project details and settings
  • Delete Projects: Can permanently remove projects
  • Manage Tasks: Can create, edit, and delete tasks
  • Assign Tasks: Can assign tasks to team members

Role-Based Access Examples

Common Role Configurations

Here are some examples of how different organizations might configure their roles:

Small Agency (5-15 people)

  • Owner (1 person)

    Agency founder with full access

  • Administrators (1-2 people)

    Operations manager and/or finance director

  • Project Managers (2-3 people)

    Team leads who manage client projects

  • Team Members (remaining staff)

    Designers, developers, and other specialists

  • Clients (external)

    Limited access to their specific projects

Mid-Size Company (50-200 people)

  • Owner/Executive (1 person)

    CEO or CTO with full system access

  • Department Heads (5-10 people)

    Directors with administrative access

  • Finance Team (custom role)

    Special access to financial features only

  • Team Managers (15-25 people)

    Middle management with project creation rights

  • Staff (majority of employees)

    Regular team members with task management access

Best Practices for Role Management

Security Best Practices

  • Least Privilege Principle: Grant users only the permissions they need to perform their job functions
  • Regular Audits: Review user roles and permissions quarterly to ensure they remain appropriate
  • Separation of Duties: Divide critical functions among different users
  • Document Role Definitions: Maintain clear documentation of what each role can access
  • Offboarding Process: Immediately revoke access when users leave the organization
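
A periodic review along these lines can be scripted. The following is an added example, not part of Custojo: the member records are constructed sample data with hypothetical field names (`departed`, `role_reviewed`), and the 92-day window stands in for "quarterly".

```python
from datetime import date

# Constructed sample export. Field names are hypothetical, not a Custojo format.
MEMBERS = [
    {"email": "ana@example.com", "role": "Owner", "departed": False,
     "role_reviewed": date(2024, 7, 15)},
    {"email": "ben@example.com", "role": "Administrator", "departed": True,
     "role_reviewed": date(2024, 8, 1)},
    {"email": "cy@partner.example", "role": "Manager", "departed": False,
     "role_reviewed": date(2024, 8, 1)},
    {"email": "dee@example.com", "role": "Member", "departed": False,
     "role_reviewed": date(2024, 3, 1)},
    {"email": "eli@client.example", "role": "Guest", "departed": False,
     "role_reviewed": date(2024, 8, 20)},
]
SAMPLE_TODAY = date(2024, 9, 1)


def audit(members, internal_domain, today, max_review_age_days=92):
    """Return (finding, detail) tuples for the checks in the list above."""
    findings = []
    owners = [m["email"] for m in members if m["role"] == "Owner"]
    if len(owners) != 1:  # the page allows exactly one Owner per workspace
        findings.append(("owner-count", ", ".join(owners) or "none"))
    for m in members:
        if m["departed"]:  # offboarding: access should already be revoked
            findings.append(("offboarding", m["email"]))
            continue
        external = not m["email"].lower().endswith("@" + internal_domain)
        if external and m["role"] != "Guest":  # least privilege: flag for review
            findings.append(("external-above-guest", m["email"]))
        if (today - m["role_reviewed"]).days > max_review_age_days:
            findings.append(("review-overdue", m["email"]))
    return findings


if __name__ == "__main__":
    for finding in audit(MEMBERS, "example.com", SAMPLE_TODAY):
        print(finding)
```

An `external-above-guest` finding is a prompt to review rather than a violation, since a custom role for external collaborators may be intentional.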

Next Steps

Pro Tip: When setting up roles for a new organization, start with a simple structure and add complexity only as needed. Over-engineering your permission system can lead to confusion and administrative overhead.