Every team member in a project has a role, and every role is a set of granular permissions. All permission checks are enforced on the backend — the UI only hides what you cannot do anyway.
Built-in roles
| Role | Description |
|---|
| Owner | Full access to every permission. The owner cannot be removed from the project. |
| Admin | Everything except disconnecting GitHub, removing Tebex stores, and deleting the project. |
| Staff | Handles tickets day to day: reply, assign, change status, use AI tools, view CSAT — but no team, role, or settings management. |
Admin and Staff are created with every project as sensible defaults. Only the Owner role is locked; the others can be adjusted like custom roles.
Custom roles
You can create custom roles with any combination of the permissions below. Roles have a position that defines their hierarchy, and the roles.reorder permission controls who can change that hierarchy.
Permission reference
Tickets
| Permission | What it allows |
|---|
tickets.view_all | View all tickets in the project |
tickets.create | Create tickets |
tickets.update | Update tickets |
tickets.delete | Delete tickets |
tickets.assign | Assign tickets to team members |
tickets.change_status | Change ticket status |
tickets.change_priority | Change ticket priority |
tickets.auto_assign | Configure auto-assignment rules |
tickets.ask_ai | Use AI to generate response suggestions |
tickets.view_settings | View ticket settings |
tickets.update_settings | Update ticket settings |
tickets.manage_github_issues | Create, link, and unlink GitHub issues from tickets |
The tickets.view_all effect: this permission decides ticket visibility. With it, a member sees every ticket in the project. Without it, they only see tickets they are assigned to — useful for external collaborators or trainees who should only work their own queue.
Messages
| Permission | What it allows |
|---|
messages.create | Send messages |
messages.create_internal | Send internal notes (never visible to customers) |
messages.edit_own | Edit own messages |
messages.delete_own | Delete own messages |
messages.delete_any | Delete any message |
Team
| Permission | What it allows |
|---|
team.view | View team members |
team.invite | Invite team members |
team.remove | Remove team members |
team.change_roles | Change member roles |
Roles
| Permission | What it allows |
|---|
roles.view | View custom roles |
roles.create | Create custom roles |
roles.update | Update custom roles |
roles.delete | Delete custom roles |
roles.reorder | Reorder roles (change hierarchy) |
Integrations
| Permission | What it allows |
|---|
integrations.view | View integrations |
integrations.github.configure | Configure the GitHub integration |
integrations.github.disconnect | Disconnect GitHub |
integrations.discord.configure | Configure the Discord integration |
integrations.discord.send_embed | Send the portal embed to Discord channels |
Project
| Permission | What it allows |
|---|
project.view_settings | View project settings |
project.update_settings | Update project settings |
project.delete | Delete the project |
AI
| Permission | What it allows |
|---|
ai.view | View AI settings and usage |
ai.configure | Configure AI settings and schedule |
ai.knowledge.manage | Add and delete knowledge entries |
ai.teach | Generate knowledge from ticket conversations |
ai.approve | Approve or reject pending AI messages |
ai.toggle_ticket | Toggle AI auto-response per ticket |
Commands
| Permission | What it allows |
|---|
commands.manage | Manage chat command settings |
Tebex
| Permission | What it allows |
|---|
tebex.add | Add Tebex stores |
tebex.update | Update Tebex stores |
tebex.remove | Remove Tebex stores |
tebex.create_coupon | Create Tebex coupons from tickets |
tebex.create_gift_card | Create Tebex gift cards from tickets |
tebex.view_customer_orders | View a customer's purchases and orders from a ticket |
CSAT
| Permission | What it allows |
|---|
csat.view | View CSAT analytics and survey responses |
csat.manage | Configure CSAT settings |