Roles & Permissions

Every person on your team has a role. That role determines what they can see, what they can change, and what they can approve. Audra Flow uses five roles to give you fine-grained control over who does what — without slowing anyone down.

Whether you are a startup with three people or an enterprise with hundreds, the role system keeps your workspace organized and your data safe. The right people get the right access, and nothing more.

Why Roles Matter

Roles solve three problems at once:

Visibility — Team members only see what is relevant to their work. Guests, for example, only see the specific projects they have been invited to.
Editing control — Only the people who should be making changes can make changes. Viewers can browse everything but cannot modify artifacts.
Governance and security — Sensitive actions like managing billing, deleting projects, or approving deliverables are restricted to the roles that should handle them. Every action is logged, so you always have a record of who did what.

The Five Roles

Audra Flow has five roles, from the most access (Owner) to the least (Guest). Here is what each role is designed for and what it can do.

Role	Who Is It For?	What They Can Do	What They Cannot Do
Owner	The person or people responsible for the entire organization account.	Everything. Manage billing, organization settings, all projects, all team members. Create, edit, approve, and delete any artifact. Access audit logs and configure integrations.	There are no restrictions for the Owner role.
Admin	Team leads, managers, and senior staff who oversee day-to-day operations.	Add and remove team members. Assign roles to users. Manage project settings and templates. Create, edit, and approve all artifacts. View audit logs. Configure AI agent settings.	Cannot manage billing or delete the organization. Cannot change organization-level settings that Owners control.
Editor	Product managers, designers, engineers — anyone who contributes to project work.	Create new artifacts (goals, personas, journeys, user stories, and more). Edit their own artifacts and those shared with them. Use AI agents like the Product Guru, UX Researcher, and Architect. Submit artifacts for review. Add comments.	Cannot approve artifacts. Cannot add or remove team members. Cannot change project settings or templates. Cannot access audit logs.
Viewer	Stakeholders, executives, and anyone who needs to stay informed but does not contribute directly.	Browse all project artifacts in read-only mode. View the traceability graph. Read comments and discussions. Add comments to provide feedback.	Cannot create or edit artifacts. Cannot use AI agents to generate content. Cannot approve artifacts. Cannot change any settings.
Guest	External collaborators, clients, or contractors who need access to a specific project.	View artifacts in the projects they have been assigned to. Read comments on those artifacts.	Cannot see projects they have not been assigned to. Cannot create or edit anything. Cannot add comments. Cannot use AI agents. Cannot see the audit log or organization-level settings.

Permissions by Action

The table below shows exactly which actions are available to each role. Use this as a quick reference when deciding what role to assign to a team member.

Action	Owner	Admin	Editor	Viewer	Guest
Create artifacts	Yes	Yes	Yes	No	No
Edit artifacts	Yes	Yes	Yes	No	No
Approve artifacts	Yes	Yes	No	No	No
Add comments	Yes	Yes	Yes	Yes	No
Use AI agents	Yes	Yes	Yes	No	No
Manage team members	Yes	Yes	No	No	No
Manage project settings	Yes	Yes	No	No	No
Manage templates	Yes	Yes	No	No	No
Manage organization settings	Yes	No	No	No	No
Manage billing	Yes	No	No	No	No
View audit log	Yes	Yes	No	No	No
View traceability graph	Yes	Yes	Yes	Yes	No

Role Assignment

Owners and Admins are the only people who can assign roles. Here is how it works:

Adding a Team Member

Go to Organization Settings and select the Team tab.
Click Invite Member.
Enter the person's email address and choose a role from the dropdown (Admin, Editor, Viewer, or Guest).
Click Send Invitation. The person will receive an email with a link to join your organization.

Once they accept the invitation, they will appear in your team list with the role you selected.

Changing a Role

To change someone's role, open the Team tab, find the person, and select a new role from the dropdown next to their name. The change takes effect immediately — the next time they load any page, they will see the interface adjusted for their new permissions.

Per-Project Role Assignments

In addition to organization-wide roles, you can assign roles at the project level. This is especially useful for Guests, who typically need access to only one or two projects. It is also helpful when an Editor on one project needs Viewer-only access to another.

To assign a project-specific role, open the project, go to Project Settings, and use the Members tab to add people and choose their role for that project. A project-level role overrides the organization-wide role for that specific project only.

What Each Role Sees

Here are practical examples of how each role experiences Audra Flow day to day.

As an Owner

You see everything. The sidebar shows all projects, all team members, and all organization settings including billing. You can jump into any project, edit any artifact, approve any deliverable, and review the full audit log. The dashboard shows organization-wide metrics and activity.

As an Admin

Your view is nearly identical to the Owner, except you do not see billing settings or certain organization-level controls. You can manage team members, create and edit templates, approve artifacts, and access the audit log. You are the go-to person for day-to-day team management.

As an Editor

You see all the projects you are assigned to, with full editing capabilities. You can create new artifacts — goals, personas, user journeys, user stories, and more. You can use AI agents to help generate and refine your work. When an artifact is ready, you submit it for review, but you cannot approve it yourself. The traceability graph is available so you can see how your work connects to the broader product.

As a Viewer

You see all project artifacts in read-only mode. You can browse through every phase — Discovery, Definition, Design, and Delivery — and read everything. You can view the traceability graph to understand how artifacts connect. You can add comments to provide feedback, but you cannot create or edit artifacts. The AI agent tools are not available to you.

As a Guest

You only see the projects you have been specifically invited to. Within those projects, you can read artifacts and follow along. You cannot add comments, create anything, or see other projects in the organization. This role is designed for external stakeholders who need visibility into specific work without access to the rest of your workspace.

Enterprise SSO

For organizations that manage identity through a central provider, Audra Flow supports single sign-on (SSO) with Azure Active Directory using the OpenID Connect (OIDC) protocol.

When SSO is enabled, your team signs in with their existing corporate credentials. You do not need to manage separate passwords in Audra Flow. When someone leaves the organization and their account is deactivated in Azure AD, they automatically lose access to Audra Flow as well.

SSO also works with your existing role mapping. Admins can configure rules that automatically assign Audra Flow roles based on Azure AD groups. For example, everyone in the “Product Team” group could be assigned the Editor role, while the “Leadership” group gets the Viewer role.

Next Steps

Learn how your team works together day to day in the Collaboration & Approvals guide.
See the Security & RBAC page for a deeper look at how permissions are enforced and how data is protected.
Ready to start building? Head to Creating Your First Project to set up your workspace.