What are roles and permissions?
Overview
Roles and permissions in TheyDo control what users can see and do — both across the organization and within individual workspaces. Every user is assigned two sets of roles: one at the organization level and one at the workspace level.
Before you start
You need the Organization Admin role to manage organization-level roles and invite users. Workspace Admins can manage roles within their own workspace.
Organization roles
Organization roles control platform-wide access: user management, billing, integrations, and workspace creation.
TheyDo has two default organization roles:
Organization Admin Full platform access. Can invite users, create workspaces, manage billing, configure AI settings, and access all workspaces — including private ones.
Organization Viewer Read-only access to all public workspaces. Can comment on content and be assigned workspace roles for editing access. Cannot manage users or settings.
You can also create custom organization roles with specific combinations of permissions.
Organization permissions
| Permission | What it allows |
|---|---|
| Manage | Full admin control — invite users, assign roles, create and configure workspaces |
| Journey AI | Configure AI settings, enable/disable AI features, manage AI data |
| Integrations | Set up and manage third-party integrations and API keys |
| Billing | Manage billing settings, payment methods, and plan changes |
By default, only the Organization Admin role has access to all four permissions.
Workspace roles
Workspace roles determine what users can do within a specific workspace. These are separate from organization roles and are set per workspace.
TheyDo has three default workspace roles:
Workspace Admin Full access within the workspace. Can edit all content, manage users, and configure workspace settings including taxonomy.
Workspace Editor Can create and edit all content, including journey structure and building blocks. Cannot manage users or edit taxonomy.
Workspace Viewer Can view and comment on all workspace content. Cannot create or edit anything.
TheyDo also includes more focused default roles for specific functions:
| Role | Best for | Key access |
|---|---|---|
| Building Block Editor | Researchers, content contributors | Manage insights, opportunities, solutions, metrics, goals, and personas |
| Product Manager | Product and strategy teams | Manage opportunities, solutions, metrics, and goals |
| Research Owner | Research and analytics teams | Create and manage insights and metrics |
| Taxonomy Owner | Operations and governance | Manage workspace taxonomy, statuses, and tags |
These roles can be customized, renamed, or deleted in workspace settings.
Workspace permissions
| Permission | What it allows |
|---|---|
| Manage | Invite users, assign roles, configure workspace settings |
| Journey | Create, edit, and delete journeys and their structure |
| Insight | Create, edit, and delete insights; upload source files; use AI mining |
| Opportunity | Create, edit, and delete opportunities |
| Solution | Create and manage solutions |
| Metric | Create and manage metrics |
| Goal | Create and manage goals and track progress |
| Persona | Create and manage personas |
| Taxonomy | Manage statuses, types, and global tags across the workspace |
Each permission can be set to Full Access, View Only, or No Access.
Tips
- A user's organization role and workspace role work together — both apply at the same time.
- Organization Viewers automatically see public workspaces but need a workspace role assigned to edit anything.
- Private workspaces require explicit role assignment — even Organization Admins need to add themselves to see content.
- Custom roles let you tailor access more precisely than the default options.