Roles & Permissions
Understand how organization roles, board roles, and permission groups work together
Spedy uses a multi-level access control system. Your effective permissions depend on your organization role, your board role, and the permission groups you belong to. Understanding how these levels interact helps you set up access control that works for your team.
Organization roles
Every member of your organization has one of three roles. This role applies across the entire workspace and determines the baseline level of access.
Admin
Admins have unrestricted access to everything in the organization.
- View and manage all boards, even those they are not explicitly assigned to
- Invite and remove members
- Create and manage teams
- Access all organization settings
- Manage roles and permissions for other members
Every organization needs at least one Admin. The person who creates an organization is automatically its first Admin.
Team Member
Team Members are your standard collaborators. They can work productively on the boards they have access to, but they cannot change organization-wide settings.
- Access boards they are assigned to (through teams or individual board membership)
- Create, edit, and manage tickets on those boards
- Leave comments and upload attachments
- Cannot access organization settings or manage other members
Customer
Customers have the most limited access. This role is designed for external stakeholders -- such as clients or partners -- who need to see project progress without full control.
- Access only boards they are individually assigned to
- View tickets and board activity
- Leave comments on tickets
- Cannot create or edit tickets
- Cannot see internal (secret) comments
Board roles
In addition to your organization role, you may have a specific role on individual boards. Board roles fine-tune what you can do within a particular board.
| Board Role | What you can do |
|---|---|
| Board Admin | Manage the board's settings, add and remove members and teams, and do everything a Board Member can do |
| Board Member | Create tickets, edit tickets, move tickets between statuses, leave comments, and upload attachments |
| Board Viewer | View the board and its tickets in read-only mode -- you cannot create or change anything |
Board roles are assigned when a user is added to a board as an individual member. Team-based access grants Board Member permissions by default.
Permission Groups
Permission Groups add a layer of granular permissions on top of the three organization roles. They let you define exactly what capabilities a member has, beyond what their role provides.
How permission groups work
- Each permission group has a name, description, optional color, and a set of permissions.
- Permission groups have a type: either INTERNAL (for staff members) or CUSTOMER (for external users).
- System groups are built-in and cannot be modified or deleted. Custom groups can be created by Admins.
- Groups can be marked as default, meaning new users are automatically assigned to them.
- Members can belong to one or more permission groups. Their effective permissions are the union of all permissions from all groups they belong to.
Managing permission groups
To manage permission groups, go to Settings > Permission Groups. This requires the canManagePermissionGroups permission and a Pro plan.
From here you can:
- View all existing permission groups (system and custom)
- Create new custom permission groups
- Edit group name, description, color, and permissions
- Assign members to groups
- Delete custom groups (system groups cannot be deleted)
Granular permissions
Permission groups control access to specific features and actions. Some key permissions include:
| Permission | What it controls |
|---|---|
| settings:manage-permission-groups | Manage permission groups |
| integrations:view | View integrations settings |
| webhooks:view / webhooks:manage | View and manage webhooks |
| runners:view / runners:manage | View and manage runners |
| mcp-servers:view / mcp-servers:manage | View and manage MCP servers |
| skills:view / skills:manage | View and manage agent skills |
| custom-fields:view / custom-fields:manage | View and manage custom fields |
| audit:view-all | View all organization activity |
| audit:view-board | View board-level activity |
| explainable-status:view / explainable-status:manage | View and manage explainable status |
| time-tracking:view / time-tracking:manage | View and manage time tracking |
| ai-knowledge:view / ai-knowledge:manage | View and manage AI knowledge base |
| tickets:create / tickets:edit / tickets:assign | Ticket operations |
| tickets:view-secret-comments / tickets:add-secret-comments | Secret comment access |
| members:invite / members:edit | Member management |
| teams:create / teams:edit | Team management |
| boards:create / boards:edit | Board management |
| wiki:view / wiki:create / wiki:edit / wiki:delete / wiki:manage | Wiki operations |
| milestones:view / milestones:create / milestones:edit / milestones:delete | Milestone operations |
| releases:view / releases:create / releases:edit / releases:delete | Release operations |
| comments:edit-others / comments:delete-others | Modify other users' comments |
| impersonation:use | Use impersonation features |
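Because a member's effective permissions are the union of all their groups, and default groups are assigned to every new user, a periodic review should look at the combined result rather than at each group alone. The following is an added example, not Spedy code: it audits a constructed export of groups and memberships. The `Group` structure, the choice of which permissions count as sensitive, and every group name other than "Engineering" and "Customer Default" are assumptions of this example.

```python
from dataclasses import dataclass

# Assumption: which permissions count as high-risk is this example's choice.
SENSITIVE = {"impersonation:use", "settings:manage-permission-groups",
             "members:edit", "audit:view-all"}
SECRET = {"tickets:view-secret-comments", "tickets:add-secret-comments"}

@dataclass(frozen=True)
class Group:
    name: str
    type: str                 # "INTERNAL" or "CUSTOMER"
    permissions: frozenset
    default: bool = False     # auto-assigned to new users

def effective_permissions(groups):
    """Union of the permissions of every group a member belongs to."""
    return set().union(*(g.permissions for g in groups))

def audit(groups, memberships):
    """Return sorted (subject, finding) pairs for one export of groups/members."""
    by_name = {g.name: g for g in groups}
    findings = []
    for g in groups:
        if g.default and g.permissions & SENSITIVE:
            findings.append((g.name, "default group grants sensitive permission"))
        if g.type == "CUSTOMER" and g.permissions & SECRET:
            findings.append((g.name, "customer group grants secret-comment access"))
    for member, names in memberships.items():
        mine = [by_name[n] for n in names]
        for perm in sorted(effective_permissions(mine) & SENSITIVE):
            sources = "+".join(g.name for g in mine if perm in g.permissions)
            findings.append((member, f"{perm} via {sources}"))
        if len({g.type for g in mine}) > 1:
            findings.append((member, "mixes INTERNAL and CUSTOMER groups"))
    return sorted(findings)

# Constructed sample data; group names not on the page are hypothetical.
GROUPS = [
    Group("Engineering", "INTERNAL", frozenset({"tickets:create", "tickets:edit"})),
    Group("Support Leads", "INTERNAL", frozenset({"impersonation:use"})),
    Group("Starter", "INTERNAL", frozenset({"audit:view-all"}), default=True),
    Group("Customer Default", "CUSTOMER", frozenset({"wiki:view"}), default=True),
    Group("Partner Plus", "CUSTOMER", frozenset({"tickets:view-secret-comments"})),
]
MEMBERS = {"bob": ["Engineering", "Support Leads"], "dave": ["Customer Default"],
           "erin": ["Partner Plus", "Engineering"]}

if __name__ == "__main__":
    for subject, finding in audit(GROUPS, MEMBERS):
        print(f"{subject}: {finding}")
```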
How roles and permission groups combine
Your effective permissions on a board are determined by the combination of your organization role, your board role, and your permission group assignments.
- Admins always have full access to every board, regardless of their board role or permission groups. They do not even need to be explicitly added to a board.
- Team Members need to be assigned to a board (either through a team or as an individual member). Their board role determines what they can do on that board. Permission groups control access to organization-level features.
- Customers must be individually added as a Board Member. Their access is limited to viewing and commenting, even if assigned a higher board role. Their permission group (CUSTOMER type) defines additional constraints.
Examples
| Person | Org Role | Board Role | Permission Group | Effective Access |
|---|---|---|---|---|
| Alice | Admin | (none) | Administrators | Full access to all boards and settings |
| Bob | Team Member | Board Admin | Engineering | Can manage that board; access to settings per group permissions |
| Carol | Team Member | Board Viewer | Viewer | Can only view, not edit |
| Dave | Customer | Board Member | Customer Default | Can view and comment, but not create tickets |
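The combination rules above can be written as a small deny-by-default resolver, which is useful for checking an intended access design before rolling it out. This is an added model of the rules as this page states them, not Spedy's implementation; the action names are this example's own, and two behaviours are assumptions: an individual board role is used as-is when one is set, and the Customer cap is applied as an intersection with the board role. It covers board-level actions only, not the organization-level features that permission groups control.

```python
# Board actions per board role, from the "Board roles" table.
# Action names are this example's own labels, not Spedy identifiers.
VIEWER = {"view"}
MEMBER = VIEWER | {"create_ticket", "edit_ticket", "move_ticket", "comment", "upload"}
BOARD_ADMIN = MEMBER | {"manage_board", "manage_members"}
BOARD_ROLES = {"Board Viewer": VIEWER, "Board Member": MEMBER,
               "Board Admin": BOARD_ADMIN}
CUSTOMER_CAP = {"view", "comment"}   # Customers: viewing and commenting only

def board_actions(org_role, board_role=None, via_team=False):
    """Actions one person may take on one board; unknown roles are rejected."""
    if board_role is not None and board_role not in BOARD_ROLES:
        raise ValueError(f"unknown board role: {board_role!r}")
    if org_role == "Admin":
        # Full access to every board, even without being added to it.
        return set(BOARD_ADMIN)
    if org_role == "Team Member":
        if board_role is None and via_team:
            board_role = "Board Member"   # team-based access default
        # No assignment at all means no access.
        return set(BOARD_ROLES.get(board_role, set()))
    if org_role == "Customer":
        # Only individual assignment counts, and a higher board role
        # never lifts the view-and-comment cap.
        return CUSTOMER_CAP & BOARD_ROLES.get(board_role, set())
    raise ValueError(f"unknown organization role: {org_role!r}")

# The four rows of the Examples table: (organization role, board role).
EXAMPLES = {
    "Alice": ("Admin", None),
    "Bob": ("Team Member", "Board Admin"),
    "Carol": ("Team Member", "Board Viewer"),
    "Dave": ("Customer", "Board Member"),
}

def resolve_examples():
    """Resolve every row of the Examples table to its set of board actions."""
    return {name: board_actions(*roles) for name, roles in EXAMPLES.items()}

if __name__ == "__main__":
    for name, actions in resolve_examples().items():
        print(name, sorted(actions))
```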
Checking your permissions
If you are unsure what you can do on a specific board, look at the controls available to you. Spedy automatically hides buttons and options that you do not have permission to use. For example, if you cannot create tickets on a board, the "Create ticket" button will not appear.