Roles & permissions
`owner`, `admin`, `member` — what each role can do. Plus the platform-admin distinction.
Three roles per organisation, ranked high to low. The role check happens server-side in every action that touches org-scoped data.
The three roles
| Role | Can do |
|---|---|
owner | Everything, including transferring ownership and deleting the org |
admin | Invite / remove members, change roles (except owner), all settings |
member | Use the dashboard, create personal keys, view usage |
Every org has exactly one owner. Admins can promote/demote other
members but cannot change the owner.
Detailed permission matrix
| Action | owner | admin | member |
|---|---|---|---|
| Send chat completions | yes | yes | yes |
| Create / revoke own keys | yes | yes | yes |
| View own usage | yes | yes | yes |
| View org-wide usage | yes | yes | no |
| Invite members | yes | yes | no |
| Remove members | yes | yes | no |
| Change member roles (≤ admin) | yes | yes | no |
| Change owner | yes | no | no |
| Delete org | yes | no | no |
| Update billing / payment method | yes | yes | no |
| Sign / update DPA | yes | no | no |
| Configure allowed sub-processors | yes | yes | no |
Owner transfer
owner → admin (yourself) + admin → owner (someone else) must
happen as one transaction. The UI does this in a single confirm
modal. There is always exactly one owner per org.
Platform admin (Clevermation only)
Distinct from owner / admin. The /app/platform/* routes are
for the CleverRouter operator team. Access requires either:
- Membership in the
clevermationorg with roleowneroradmin, or - Email in the
SUPERADMIN_EMAILSenv-var whitelist.
Platform admin is not an org setting
An org owner cannot promote themselves to platform admin. The
platform-admin role lives at the CleverRouter level, not inside
any individual customer org. The UI never suggests otherwise.
Common gotchas
- Removing the last admin. The UI prevents it — you cannot
remove yourself if you're the only
owner. Transfer first. - Cross-org admin. Being
adminin one org gives you no rights in another org you're a member of. - Closed-beta gate. Inviting a new user bypasses the closed-beta sign-up gate only for that one invite token, valid 7 days.
Related
- Organisations — multi-tenant fundamentals.
- Authentication — closed-beta invite flow.