Roles & Permissions
Complete guide to role-based access control. Owner, Admin, Member, and Viewer roles. Permission matrices for profiles, proxies, and team management.
Control who can do what. Four roles with different permissions. Owner has full control. Viewers can only watch. Members and Admins sit in between.
Role Overview
| Role | Profile Access | Team Management | Billing |
|---|---|---|---|
| Owner | All profiles | Full control | Full control |
| Admin | All profiles | Invite, remove members | View only |
| Member | Assigned profiles only | View team | No access |
| Viewer | Read-only | View team | No access |
Owner Role
The account creator. Has unrestricted access to everything.
Unique privileges:
- Transfer ownership to another team member
- Delete the entire account
- Cannot be removed by anyone (including themselves without transferring ownership first)
Use case: CEO, founder, or account owner.
Admin Role
Day-to-day account management for the workspace.
Can do:
- Create, edit, delete all profiles
- Launch any browser session
- Add and manage proxies
- Invite new team members
- Remove team members (except Owner)
- Change member roles (except Owner)
- View audit logs
- Configure API keys
- Set up webhooks
Cannot do:
- Delete the account
- Transfer ownership
- Remove the Owner
Use case: Team leads, department managers, operations directors.
Member Role
Standard user. Can manage profiles they're assigned to.
Can do:
- View and edit assigned profiles
- Launch assigned profiles
- Create new profiles (assigned to them automatically)
- Delete profiles they created
- Add proxies for their profiles
- View team member list
Cannot do:
- Access profiles not assigned to them
- Invite or remove team members
- Change anyone's role
- View audit logs
- Configure API keys or webhooks
Use case: Account managers, social media specialists, e-commerce operators.
Viewer Role
Read-only access. Can see everything but can't change anything.
Can do:
- View all profiles (but can't edit)
- See profile configurations
- View team member list
- See proxy list
Cannot do:
- Launch profiles
- Create or edit profiles
- Add or modify proxies
- Invite team members
- Change any settings
Use case: Stakeholders, clients, auditors, quality assurance.
Permission Matrix: Profiles
| Action | Owner | Admin | Member | Viewer |
|---|---|---|---|---|
| View all profiles | ✅ | ✅ | ❌ | ✅ |
| View assigned profiles | ✅ | ✅ | ✅ | ✅ |
| Create profiles | ✅ | ✅ | ✅ | ❌ |
| Edit any profile | ✅ | ✅ | ❌ | ❌ |
| Edit assigned profiles | ✅ | ✅ | ✅ | ❌ |
| Delete any profile | ✅ | ✅ | ❌ | ❌ |
| Launch profiles | ✅ | ✅ | ✅ | ❌ |
| Export profile data | ✅ | ✅ | ✅ | ❌ |
Permission Matrix: Team Management
| Action | Owner | Admin | Member | Viewer |
|---|---|---|---|---|
| View team members | ✅ | ✅ | ✅ | ✅ |
| Invite members | ✅ | ✅ | ❌ | ❌ |
| Remove members | ✅ | ✅* | ❌ | ❌ |
| Change member roles | ✅ | ✅* | ❌ | ❌ |
| Transfer ownership | ✅ | ❌ | ❌ | ❌ |
| View audit logs | ✅ | ✅ | ❌ | ❌ |
* Admin can't remove or demote the Owner
Permission Matrix: API & Automation
| Action | Owner | Admin | Member | Viewer |
|---|---|---|---|---|
| Create API keys | ✅ | ✅ | ❌ | ❌ |
| View API keys | ✅ | ✅ | ❌ | ❌ |
| Revoke API keys | ✅ | ✅ | ❌ | ❌ |
| Configure webhooks | ✅ | ✅ | ❌ | ❌ |
| Use API (with key) | ✅ | ✅ | ✅ | ✅ |
Changing Roles
Owner and Admin can change member roles.
Settings → Team → Click member → "Change Role" dropdown.
Role changes take effect immediately. Active browser sessions continue but new permissions apply to new actions.
Promotion considerations:
- Member → Admin: Gains access to all profiles and team management
- Viewer → Member: Can now launch profiles and make changes
- Member → Viewer: Loses ability to launch or edit profiles
💡 Best Practice
Start team members as Members with limited profile access. Promote to Admin only when they need full team management. Keep the Viewer role for external stakeholders.
Profile-Level Permissions
Beyond roles, you can control profile access per member.
For Members and Viewers:
Profile → Settings → Sharing → Add team member.
Choose permission level:
- Full Access: Can launch, edit, and delete
- Launch Only: Can launch browser but can't edit settings
- View Only: Can see configuration but can't launch or edit
Admins and Owner always have full access to all profiles regardless of sharing settings.
Transferring Ownership
Only the Owner can transfer ownership. This is permanent and cannot be undone without the new Owner transferring back.
Settings → Team → "Transfer Ownership" button.
- Select new Owner from team member list
- Type "TRANSFER OWNERSHIP" to confirm
- Click "Transfer"
After transfer:
- New Owner gets full control
- Old Owner becomes Admin
- Billing transfers to new Owner
Robert Wilson
Security & Access Control Lead
Robert Wilson designs access control systems at Multilogin.io. He's implemented RBAC for 10,000+ teams with 0 permission escalation incidents.