Roles & Permissions
Overview of all available roles and their permissions in Conbool. Learn who can view and manage what.
Role-Based Access Control (RBAC)
Conbool uses a hierarchical role model. Each user is assigned a role when joining a tenant, which determines their permissions within that tenant. A user can have different roles in different tenants.
The Five Roles
| Role | Hierarchy | Description |
|---|---|---|
| Owner | 1 (highest) | Full access to all features. Can manage roles, billing, and settings. Can delete the tenant. |
| Operator | 2 | Full operational access to all modules. Can manage groups, routing, quarantine, portal, tracing, guardian, and invites. No access to roles, billing, settings, or member management. |
| Analyst | 3 | Read-only access to all modules. Can view dashboards, tracing, and configurations but cannot modify them. No access to the audit log. |
| Auditor | 4 | Read-only access to all modules plus access to the audit log. No management permissions. Ideal for compliance reviewers. |
| Contact | 5 (lowest) | Minimal access. Can only view the message portal and quarantine. For external contacts or restricted users. |
Permission Matrix
The following table shows which role can manage or view which features.
Management Capabilities
| Feature | Owner | Operator | Analyst | Auditor | Contact |
|---|---|---|---|---|---|
| Manage roles | ✓ | — | — | — | — |
| Manage billing | ✓ | — | — | — | — |
| Manage settings | ✓ | — | — | — | — |
| Manage members | ✓ | — | — | — | — |
| Manage invites | ✓ | ✓ | — | — | — |
| Manage groups | ✓ | ✓ | — | — | — |
| Manage routing | ✓ | ✓ | — | — | — |
| Manage tracing | ✓ | ✓ | — | — | — |
| Manage portal | ✓ | ✓ | — | — | — |
| Manage dashboard | ✓ | — | — | — | — |
| Manage quarantine | ✓ | ✓ | — | — | — |
| Manage MailGuard | ✓ | ✓ | — | — | — |
| Manage disclaimer | ✓ | ✓ | — | — | — |
| Manage S/MIME | ✓ | ✓ | — | — | — |
| Manage PGP | ✓ | ✓ | — | — | — |
Read Capabilities
| Feature | Owner | Operator | Analyst | Auditor | Contact |
|---|---|---|---|---|---|
| View dashboard | ✓ | ✓ | ✓ | ✓ | — |
| View tracing | ✓ | ✓ | ✓ | ✓ | — |
| View routing | ✓ | ✓ | ✓ | ✓ | — |
| View groups | ✓ | ✓ | ✓ | ✓ | — |
| View guardian | ✓ | ✓ | ✓ | ✓ | — |
| View portal | ✓ | ✓ | ✓ | ✓ | ✓ |
| View disclaimer | ✓ | ✓ | ✓ | ✓ | — |
| View quarantine | ✓ | ✓ | ✓ | ✓ | ✓ |
| View audit log | ✓ | — | — | ✓ | — |
| View members | ✓ | ✓ | ✓ | ✓ | — |
| View S/MIME | ✓ | ✓ | ✓ | ✓ | — |
| View PGP | ✓ | ✓ | ✓ | ✓ | — |
Navigation Access per Role
The following table shows which navigation items are visible to each role in the side menu:
| Navigation Item | Owner | Operator | Analyst | Auditor | Contact |
|---|---|---|---|---|---|
| Dashboard | ✓ | ✓ | ✓ | ✓ | — |
| Tracing | ✓ | ✓ | ✓ | ✓ | — |
| Quarantine | ✓ | ✓ | ✓ | ✓ | ✓ |
| Routing | ✓ | ✓ | ✓ | ✓ | — |
| Groups | ✓ | ✓ | ✓ | ✓ | — |
| MailGuard | ✓ | ✓ | ✓ | ✓ | — |
| Disclaimer | ✓ | ✓ | ✓ | ✓ | — |
| Cryptography (S/MIME, PGP) | ✓ | ✓ | ✓ | ✓ | — |
| Message Portal | ✓ | ✓ | ✓ | ✓ | ✓ |
| Guardian | ✓ | ✓ | ✓ | ✓ | — |
| Members | ✓ | ✓ | ✓ | ✓ | — |
| Audit Log | ✓ | — | — | ✓ | — |
| Settings | ✓ | — | — | — | — |
| Billing | ✓ | — | — | — | — |
Role Details
Owner
The Owner has unrestricted full access to all tenant features:
- Full access to all read and management capabilities
- Billing and subscription management
- Role and member management
- Access to all settings
- Access to the audit log
Operator
The Operator is responsible for operational management:
- Full read access to all modules
- Management of groups, routing, quarantine, portal, tracing, guardian, and invites
- Management of MailGuard, Disclaimer, S/MIME, and PGP
- No access to: role management, billing, settings, member management
Analyst
The Analyst has exclusively read-only access:
- Can view all modules (Dashboard, Tracing, Routing, Groups, etc.)
- Cannot make changes (no management capabilities)
- No access to the audit log
Auditor
The Auditor is comparable to the Analyst but with audit access:
- Read access to all modules
- Additional access to the audit log
- No management permissions
- Ideal for compliance audits and reviews
Contact
The Contact has minimal access:
- Only access to portal and quarantine (read-only)
- No access to modules, settings, or management functions
- For external contacts or heavily restricted users (internal contacts)
How Are Roles Assigned?
Roles are assigned during invitation or later in member management:
- Navigate to Members in the side menu.
- Click on the three-dot menu next to the desired member.
- Select Change Role and assign the new role.
Only the Owner role can change roles.
Important Notes
- One Owner per tenant: There must always be at least one Owner.
- Hierarchy principle: Users can only assign roles that are equal to or lower than their own in the hierarchy.
- Cross-tenant: Roles only apply within a tenant. A user can be Owner in Tenant A and Analyst in Tenant B.
- Row Level Security: All permissions are enforced server-side via PostgreSQL Row Level Security (RLS). Hiding a UI element is not sufficient -- the database directly blocks unauthorized access.
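How server-side enforcement of this kind can be expressed in PostgreSQL, as an added example that is not Conbool's own schema or code: the tables, the `role_in_tenant` function and the `app.user_id` setting are assumptions, while the role sets in the policies follow the "View routing", "Manage routing" and "View audit log" rows of the tables above.

```sql
-- Hypothetical schema: every table, column, function and setting name is an assumption.
CREATE TYPE tenant_role AS ENUM ('owner', 'operator', 'analyst', 'auditor', 'contact');

CREATE TABLE memberships (
    tenant_id   uuid NOT NULL,
    user_id     uuid NOT NULL,
    member_role tenant_role NOT NULL,
    PRIMARY KEY (tenant_id, user_id)   -- one role per user per tenant
);

CREATE TABLE routing_rules (id bigserial PRIMARY KEY, tenant_id uuid NOT NULL, pattern text NOT NULL);
CREATE TABLE audit_log     (id bigserial PRIMARY KEY, tenant_id uuid NOT NULL, event   text NOT NULL);

-- Role of the request's user in tenant t; NULL when the user is not a member there.
-- The application binds the user per transaction: SET LOCAL app.user_id = '<uuid>'.
-- SECURITY DEFINER lets policies consult memberships without granting the app role SELECT on it.
CREATE FUNCTION role_in_tenant(t uuid)
RETURNS tenant_role AS $$
    SELECT member_role FROM memberships
    WHERE tenant_id = t
      AND user_id = NULLIF(current_setting('app.user_id', true), '')::uuid
$$ LANGUAGE sql STABLE SECURITY DEFINER
   SET search_path = public, pg_temp;

ALTER TABLE routing_rules ENABLE ROW LEVEL SECURITY;
ALTER TABLE audit_log     ENABLE ROW LEVEL SECURITY;

-- "View routing": every role except Contact. A NULL role (non-member) matches nothing.
CREATE POLICY routing_view ON routing_rules FOR SELECT
    USING (role_in_tenant(tenant_id) IN ('owner', 'operator', 'analyst', 'auditor'));

-- "Manage routing": Owner and Operator only; WITH CHECK also blocks writing rows into another tenant.
CREATE POLICY routing_manage ON routing_rules FOR ALL
    USING      (role_in_tenant(tenant_id) IN ('owner', 'operator'))
    WITH CHECK (role_in_tenant(tenant_id) IN ('owner', 'operator'));

-- "View audit log": Owner and Auditor only. No write policy is defined,
-- so writes over an RLS-bound connection are denied by default.
CREATE POLICY audit_view ON audit_log FOR SELECT
    USING (role_in_tenant(tenant_id) IN ('owner', 'auditor'));
```

Superusers, roles with `BYPASSRLS` and (unless `FORCE ROW LEVEL SECURITY` is set) the table owner are not subject to these policies, so the application has to connect as a separate, unprivileged role for them to take effect.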