Roles & Permissions
Overview of all available roles and their permissions in Conbool. Learn who can view and manage what.
Role-Based Access Control (RBAC)
Conbool uses a hierarchical role model. Each user is assigned a role when joining a tenant, which determines their permissions within that tenant. A user can have different roles in different tenants.
What Roles Are Available?
Conbool offers six predefined roles with graduated permissions:
| Role | Hierarchy | Description |
|---|---|---|
| Owner | 1 (highest) | Full access to all features. Can manage roles and billing. Can delete the tenant. |
| Operator | 2 | Can operationally manage all modules (Routing, Groups, Disclaimer, MailGuard, S/MIME, PGP). No access to billing or role management. |
| Member | 2 | Default role for team members. Can manage settings and invitations. |
| Analyst | 3 | Read access to most modules. Can view dashboards, tracing and configurations, but cannot modify them. |
| Auditor | 4 | Like Analyst, but with additional access to the audit log. Ideal for compliance reviewers. |
| Contact | 5 (lowest) | Minimal access. Can only view the message portal and quarantine. For external contacts or restricted users. |
Permission Matrix
Each permission follows the pattern module.action, where .read means read access and .manage means full management access.
Management Permissions (Manage)
| Permission | Owner | Operator | Member | Analyst | Auditor | Contact |
|---|---|---|---|---|---|---|
| roles.manage | ✓ | — | — | — | — | — |
| billing.manage | ✓ | — | — | — | — | — |
| settings.manage | ✓ | — | ✓ | — | — | — |
| members.manage | ✓ | — | — | — | — | — |
| invites.manage | ✓ | ✓ | ✓ | — | — | — |
| groups.manage | ✓ | ✓ | — | — | — | — |
| routing.manage | ✓ | ✓ | — | — | — | — |
| tracing.manage | ✓ | ✓ | — | — | — | — |
| portal.manage | ✓ | ✓ | — | — | — | — |
| dashboard.manage | ✓ | — | — | — | — | — |
| quarantine.manage | ✓ | ✓ | — | — | — | — |
| mailguard.manage | ✓ | ✓ | — | — | — | — |
| disclaimer.manage | ✓ | ✓ | — | — | — | — |
| smime.manage | ✓ | ✓ | — | — | — | — |
| pgp.manage | ✓ | ✓ | — | — | — | — |
Read Permissions (Read)
| Permission | Owner | Operator | Analyst | Auditor | Contact |
|---|---|---|---|---|---|
| dashboard.read | ✓ | ✓ | ✓ | ✓ | — |
| tracing.read | ✓ | ✓ | ✓ | ✓ | — |
| routing.read | ✓ | ✓ | ✓ | ✓ | — |
| groups.read | ✓ | ✓ | ✓ | ✓ | — |
| guardian.read | ✓ | ✓ | ✓ | ✓ | — |
| portal.read | ✓ | ✓ | ✓ | ✓ | ✓ |
| disclaimer.read | ✓ | ✓ | ✓ | ✓ | — |
| quarantine.read | ✓ | ✓ | ✓ | ✓ | ✓ |
| audit.read | ✓ | ✓ | — | ✓ | — |
| members.read | ✓ | ✓ | ✓ | ✓ | — |
| smime.read | ✓ | ✓ | ✓ | ✓ | — |
| pgp.read | ✓ | ✓ | ✓ | ✓ | — |
How Are Roles Assigned?
Roles are assigned at invitation time or changed later in member management:
- Navigate to Members in the side menu.
- Click on the three-dot menu (⋯) next to the desired member.
- Select Change Role and assign the new role.
Only users with the roles.manage permission (by default only the Owner) can change roles.
Important Notes
- At least one Owner per tenant: Every tenant must always have at least one Owner.
- Hierarchy principle: Users can only assign roles that are equal to or lower than their own in the hierarchy.
- Cross-tenant: Roles only apply within a tenant. A user can be Owner in Tenant A and Analyst in Tenant B.
- Row Level Security: All permissions are enforced server-side via PostgreSQL Row Level Security (RLS). Hiding a UI element is not sufficient — the database directly blocks unauthorized access.
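
The role-change rules from "How Are Roles Assigned?" and the notes above, modelled as an added example for testing access decisions; it is not Conbool code, and the page places the actual enforcement in PostgreSQL RLS. The function name, the data layout and the `role_managers` parameter are assumptions; the ranks are taken from the roles table.

```python
# Added example: a model of the role-change rules on this page, not Conbool code.
# Ranks come from the roles table (1 = highest); all names are assumptions.
RANK = {"owner": 1, "operator": 2, "member": 2, "analyst": 3, "auditor": 4, "contact": 5}


def authorize_role_change(memberships, tenant, actor, target, new_role,
                          role_managers=frozenset({"owner"})):
    """Return (allowed, reason) for `actor` setting `target` to `new_role` in `tenant`.

    memberships: {(tenant, user): role}. role_managers: roles holding roles.manage
    (by default only Owner, per the permission matrix).
    """
    if new_role not in RANK:
        return False, "unknown role"
    actor_role = memberships.get((tenant, actor))
    target_role = memberships.get((tenant, target))
    # Cross-tenant: a role held in another tenant grants nothing here.
    if actor_role is None or target_role is None:
        return False, "not a member of this tenant"
    if actor_role not in role_managers:
        return False, "missing roles.manage"
    # Hierarchy principle: only roles equal to or lower than the actor's own.
    if RANK[new_role] < RANK[actor_role]:
        return False, "role above actor's own"
    # There must always be at least one Owner in the tenant.
    owners = [u for (t, u), r in memberships.items() if t == tenant and r == "owner"]
    if target_role == "owner" and new_role != "owner" and owners == [target]:
        return False, "would remove last owner"
    return True, "ok"


# Constructed sample data: alice is Owner in tenant A and Analyst in tenant B.
SAMPLE = {
    ("A", "alice"): "owner", ("A", "bob"): "operator",
    ("B", "alice"): "analyst", ("B", "carol"): "owner", ("B", "dave"): "contact",
}

if __name__ == "__main__":
    for args in [("A", "alice", "bob", "member"), ("B", "alice", "dave", "analyst"),
                 ("A", "alice", "alice", "member")]:
        print(args, authorize_role_change(SAMPLE, *args))
```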