Roles & Permissions

Understanding the different team roles and their specific permissions in Feedbackview projects.

Role Overview

Feedbackview uses a three-tier permission system designed to provide appropriate access levels for different team responsibilities. Each role builds upon the previous one, ensuring clear hierarchies and security boundaries.

👑

Owner

Full administrative control including billing, project deletion, and all management features.

🛡️

Admin

Project management capabilities with team leadership responsibilities, excluding billing access.

👤

Member

Core collaboration access for feedback management and basic team interaction.

Detailed Permissions

Project Owner

The project owner is the account holder who created the project. Only one owner exists per project, and ownership cannot be transferred through the interface.

Full Access Permissions

View and manage all feedback submissions

Access project settings and API keys

Invite team members with any role (admin or member)

Remove team members and cancel invitations

Regenerate project API keys with audit trail

Access billing and subscription management

Delete or archive the project

View audit logs and security events

Admin Members

Admin members are trusted team leaders who can manage project operations and team collaboration, but don't have access to billing or destructive actions.

Administrative Permissions

View and manage all feedback submissions

Access most project settings (excluding API keys)

Invite team members with any role (admin or member)

Remove team members and cancel invitations

Configure project notifications and alerts

Export feedback data and analytics

Restricted Access

Cannot view or regenerate API keys

Cannot access billing or subscription settings

Cannot delete or archive the project

Regular Members

Regular members are team contributors who can participate in feedback management and basic collaboration, with limited administrative capabilities.

Core Permissions

View and respond to feedback submissions

Invite other members (not admins)

Access project feedback inbox and filters

View basic project information

Limited Access

Cannot change project settings

Cannot view or manage API keys

Cannot remove team members

Cannot access billing information

Cannot invite admin-level users

Permission Matrix

Quick reference for all role permissions across key features:

Feature	Owner	Admin	Member
View Feedback	✓	✓	✓
Respond to Feedback	✓	✓	✓
Invite Members	✓	✓	✗
Invite Admins	✓	✓	✗
Remove Members	✓	✓	✗
Project Settings	✓	✓	✗
API Keys	✓	✗	✗
Billing Access	✓	✗	✗
Delete Project	✓	✗	✗

Security Considerations

Audit Trail

All security-relevant actions are logged with timestamps and user information:

Team member invitations and acceptances
Role changes and permission updates
API key regeneration events
Member removals and invitation cancellations
Login events and authentication changes

API Key Security

Important: Only project owners can view and regenerate API keys. This ensures that sensitive integration credentials remain secure and under the control of the account holder.

Admin and member roles can see that API keys exist but cannot view the actual keys or regenerate them.

Best Practices

Principle of Least Privilege

Start with member-level access and promote users only when they need additional permissions for their responsibilities.

Regular Access Reviews

Periodically review team membership and roles to ensure permissions remain appropriate as team responsibilities evolve.

Clear Role Communication

Ensure team members understand their role permissions and responsibilities within the project to avoid confusion or security issues.

Removing Team Members

Owners and admins can remove team members from the Team Management page. Removed members:

Immediately lose access to the project
Can no longer view feedback or project data
Will be notified of the removal
Can be re-invited later if needed

Documentation