Roles & Permissions
Understanding the four employer roles and how permissions work across the platform.
The Four Roles

| Role | Description |
|---|---|
| Owner | Full access to everything. One per workspace. Can configure permissions and transfer ownership. |
| Admin | Full access by default. Permissions configurable by the Owner. |
| Member | Read access by default. Can view but not modify most things. |
| Associate | Minimal access by default. Designed for external reviewers or limited collaborators. |

Permission Areas
Permissions are organized into areas, each independently configurable:

| Area | What It Controls |
|---|---|
| Postings | Create, edit, delete job postings |
| Candidates | Invite, revoke, reset candidates |
| Scorecards | View candidate scores and evaluations |
| Transcripts | View interview transcripts |
| Comparison | Access side-by-side candidate comparison |
| Analytics | View scoring analytics and charts |
| Exports | Download CSV and PDF reports |
| Team | Invite, remove, and change roles |
| Talent Pool | Search and import from the talent pool |
| Integrations | ATS connections and webhook configuration |
| Sessions | Employee session creation and management |

Access Levels

| Level | Meaning |
|---|---|
| Full | Read and write — can view and modify |
| View Only | View only — can see data but not change it |
| Own Only | Can only see resources they personally created or were assigned to |
| Hidden | Completely invisible — not in sidebar, not in API responses |

Default Permissions

| Area | Owner | Admin | Member | Associate |
|---|---|---|---|---|
| Postings | Full | Full | View Only | View Only |
| Candidates | Full | Full | View Only | View Only |
| Scorecards | Full | Full | View Only | View Only |
| Transcripts | Full | Full | Hidden | Hidden |
| Comparison | Full | Full | View Only | View Only |
| Analytics | Full | Full | View Only | Hidden |
| Exports | Full | Full | Hidden | Hidden |
| Team | Full | Hidden | Hidden | Hidden |
| Talent Pool | Full | Full | View Only | Hidden |

How Enforcement Works
Permissions are enforced at three independent layers, so there's no way to bypass them from the UI:

- UI layer — sidebar items and action buttons are hidden or disabled based on your role's permissions
- API layer — every request checks your role's permissions server-side, returning a 403 if insufficient
- Data layer — even if you navigate directly to a URL, fields you lack permission for are stripped from the API response before it reaches your browser
Permission changes made in Settings > Permissions take effect immediately for all active sessions. Team members do not need to sign out and back in.
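A sketch of the API-layer and data-layer checks described above, added here as an illustration and not the platform's own code. The function names, the user and record shapes, the field-to-area mapping, and the rule that only Full permits writes are assumptions; the matrix rows are copied from the Default Permissions table.

```python
from enum import Enum

class Level(Enum):
    FULL = "Full"
    VIEW_ONLY = "View Only"
    OWN_ONLY = "Own Only"
    HIDDEN = "Hidden"
F, V, H = Level.FULL, Level.VIEW_ONLY, Level.HIDDEN

def default_matrix():
    """Four rows copied from the Default Permissions table: area -> role -> level."""
    return {
        "Candidates":  {"Owner": F, "Admin": F, "Member": V, "Associate": V},
        "Scorecards":  {"Owner": F, "Admin": F, "Member": V, "Associate": V},
        "Transcripts": {"Owner": F, "Admin": F, "Member": H, "Associate": H},
        "Team":        {"Owner": F, "Admin": H, "Member": H, "Associate": H},
    }

# Assumed mapping from response fields to the area that governs them.
FIELD_AREA = {"scorecard": "Scorecards", "transcript": "Transcripts"}

def level_for(matrix, role, area):
    """Fail closed: an unknown role or area is treated as Hidden."""
    return matrix.get(area, {}).get(role, Level.HIDDEN)

def authorize(matrix, user, area, action, owner_id=None):
    """API layer: return the HTTP status for one request."""
    level = level_for(matrix, user["role"], area)
    if level is Level.HIDDEN:
        return 403
    if level is Level.OWN_ONLY and owner_id != user["id"]:
        return 403
    if action == "write" and level is not Level.FULL:  # assumption: only Full may write
        return 403
    return 200

def strip_fields(matrix, user, record):
    """Data layer: drop fields governed by an area that is Hidden for this role."""
    return {k: v for k, v in record.items()
            if level_for(matrix, user["role"], FIELD_AREA.get(k, "Candidates")) is not Level.HIDDEN}

def get_candidate(matrix, user, record):
    """Read one candidate; the matrix is consulted on every call, not cached per session."""
    status = authorize(matrix, user, "Candidates", "read", record.get("owner_id"))
    return (status, strip_fields(matrix, user, record)) if status == 200 else (status, None)

# Constructed sample data.
RECORD = {"owner_id": "u1", "scorecard": {"overall": 4}, "transcript": "constructed"}
MEMBER = {"id": "u2", "role": "Member"}
```

Because `get_candidate` looks up the role's level on each call, editing the matrix changes the outcome of the next request without a new sign-in, which is the behaviour the paragraph above describes for Settings > Permissions.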
What a Restricted User Sees
If a team member opens an area where their role is set to Hidden or attempts a write action where their role is View Only, they see an Access Restricted screen instead of an empty page or a silent failure. The screen names the area and points them to their workspace owner. Sidebar entries for fully Hidden areas are not rendered at all.
If a team member reports they cannot find a feature they expect to use, check Settings > Permissions for their role before assuming a bug.