Skip to main content

Roles & Permissions

Conto uses role-based access control (RBAC) to manage what each team member can do within an organization.

Roles

Permission Matrix

Managing Members

Invite a Member

Go to Settings > Team > Invite Member. Enter the email and select a role.

Change a Role

Changing roles requires team management permission (Owner or Admin), and role changes are enforced by hierarchy: you can only change or remove members whose role is strictly below your own. An Admin can manage Managers, Members, and Viewers, but not another Admin. Owners can manage anyone, including other Owners, and only an Owner can promote a member to Owner. The last Owner cannot be demoted or removed without transferring ownership first.

API Key Scopes

Organization API keys use scopes that map to these permissions. When creating a key, you can select a preset or pick individual scopes: See Admin SDK > Scopes for the full scope list.