Team & Permissions
Roles & Permissions
Understanding the four employer roles and how permissions work.
Four Roles
| Role | Description |
|---|---|
| Owner | Full access to everything. One per workspace. Can configure permissions and transfer ownership. |
| Admin | Full access by default. Permissions configurable by owner. |
| Member | Read access by default. Can view but not modify most things. |
| Associate | Minimal access by default. Designed for external reviewers or limited collaborators. |
Permission Areas
Permissions are organized into 9 areas, and each area is set to one of three access levels:
| Area | What It Controls |
|---|---|
| Postings | Create, edit, delete job postings |
| Candidates | Invite, revoke, reset candidates |
| Scorecards | View candidate scores and evaluations |
| Transcripts | View interview transcripts |
| Comparison | Access side-by-side candidate comparison |
| Analytics | View scoring analytics and charts |
| Exports | Download CSV and PDF reports |
| Team | Invite, remove, change roles |
| Talent Pool | Search and import from talent pool |
Access Levels
| Level | Meaning |
|---|---|
| Full | Read and write access — can view and modify |
| Read | View only — can see data but not change it |
| Hidden | Completely invisible — not in sidebar, not in API responses |
Default Permissions
| Area | Owner | Admin | Member | Associate |
|---|---|---|---|---|
| Postings | Full | Full | Read | Read |
| Candidates | Full | Full | Read | Read |
| Scorecards | Full | Full | Read | Read |
| Transcripts | Full | Full | Hidden | Hidden |
| Comparison | Full | Full | Read | Read |
| Analytics | Full | Full | Read | Hidden |
| Exports | Full | Full | Hidden | Hidden |
| Team | Full | Hidden | Hidden | Hidden |
| Talent Pool | Full | Full | Read | Hidden |
How Enforcement Works
Permissions are enforced at three layers:
- UI — sidebar items and buttons are hidden or disabled based on your permissions
- API — every request is checked against your role's permissions and returns 403 if they are insufficient
- Data stripping — even if you access a candidate page, fields you lack permission for are stripped from the response
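The API check and data stripping layers, sketched over the default permissions table above. This is an added example, not the product's own code. The function names, the lowercase role and area keys, and the mapping of the `scorecard` and `transcript` fields to their areas are assumptions. It models only the defaults, not owner-configured overrides, and it treats unknown roles or areas as Hidden.

```python
# Added example: names and field mapping are assumptions, not the product's code.
FULL, READ, HIDDEN = 2, 1, 0
ROLES = ("owner", "admin", "member", "associate")
F, R, H = FULL, READ, HIDDEN
# Default Permissions table from this page, columns in ROLES order.
DEFAULTS = {
    "postings":    (F, F, R, R),
    "candidates":  (F, F, R, R),
    "scorecards":  (F, F, R, R),
    "transcripts": (F, F, H, H),
    "comparison":  (F, F, R, R),
    "analytics":   (F, F, R, H),
    "exports":     (F, F, H, H),
    "team":        (F, H, H, H),
    "talent_pool": (F, F, R, H),
}
# Assumed mapping of candidate-record fields to the area that guards them.
FIELD_AREA = {"scorecard": "scorecards", "transcript": "transcripts"}


def level(role, area):
    """Fail closed: an unknown role or area resolves to HIDDEN."""
    if role not in ROLES or area not in DEFAULTS:
        return HIDDEN
    return DEFAULTS[area][ROLES.index(role)]


def authorize(role, area, write=False):
    """API layer: 200 if the role's level covers the request, else 403."""
    needed = FULL if write else READ
    return 200 if level(role, area) >= needed else 403


def candidate_response(role, record):
    """API check on the Candidates area, then strip fields the role cannot read."""
    if authorize(role, "candidates") != 200:
        return 403, None
    body = {k: v for k, v in record.items()
            if k not in FIELD_AREA or level(role, FIELD_AREA[k]) >= READ}
    return 200, body


# Constructed sample record.
SAMPLE = {"id": 7, "name": "A. Candidate", "scorecard": {"total": 82},
          "transcript": "Q1: ..."}

if __name__ == "__main__":
    for r in ROLES + ("intern",):
        print(r, candidate_response(r, SAMPLE), authorize(r, "team", write=True))
```

Because stripping happens server-side in `candidate_response`, a Member who opens a candidate page still never receives the transcript, regardless of what the UI hides.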