Last updated 2026-05-24
Roles and permissions — who can change what
MetaFrazo's permission model is intentionally simple: four roles, each with a clear scope. Every member of your organization has exactly one role at any given time, and only certain roles can change someone else's role.
The four roles
Owner
Owners can do everything an admin can do, plus the things that affect the organization itself:
- Invite teammates and assign their roles.
- Change another member's role (including promoting another member to owner).
- Remove a member from the organization.
- Transfer ownership of the organization to another member.
- Delete the organization entirely.
The person who installs the Jira connector becomes the first owner of the resulting MetaFrazo organization. You can have more than one owner — promoting a co-owner is a common pattern for organizations that want shared accountability for the account.
Admin
Admins can do almost everything an owner can, except the irreversible organization-level actions:
- Invite teammates and assign their roles.
- Change another non-owner member's role (but not promote anyone to owner).
- Remove a non-owner member from the organization.
- Change the AI provider settings (see Choosing an AI provider).
- Read the full audit trail of membership and configuration changes.
Admins cannot:
- Transfer ownership.
- Delete the organization.
Admin is the right role for "trusted operations lead" — someone who needs to manage day-to-day access and settings, but who doesn't need the keys to the kingdom.
Auditor
Auditors are read-only specialists. They can:
- View every dashboard in the organization.
- Read the full audit trail of membership and configuration changes.
- See provider settings (but not change them).
Auditors cannot make any change. They cannot invite teammates, change roles, remove members, or alter settings. The role is purpose-built for internal audit staff, compliance officers, and external auditors during evidence collection — anyone whose job is to verify and report, not to administer.
User
Users are read-only operators. They can:
- View every dashboard in the organization.
Users cannot see the audit trail (that lives behind the admin / auditor view) and cannot change any setting. This is the right role for the bulk of your governance, ops, and security staff — the people who open the dashboard to answer questions, but who don't need to administer the MetaFrazo organization itself.
Who can change roles
| You are… | You can promote/demote… | You can remove… | You can transfer ownership |
|---|---|---|---|
| Owner | Any member | Any member | Yes (to any member) |
| Admin | Any non-owner member | Any non-owner member | No |
| Auditor | Nobody | Nobody | No |
| User | Nobody | Nobody | No |
A few subtleties worth knowing:
- There is always at least one owner. MetaFrazo refuses to let the last owner demote themselves; you have to promote another owner first. This guarantees no organization is ever left without someone who can act on it.
- Admins can promote other members to admin, but cannot make someone owner. Promoting to owner is an owner-only action — a deliberate guardrail against admin-account compromise turning into a full account takeover.
- Self-management is allowed. Any member can change their own profile, sign out, and request that they be removed. Demoting yourself follows the rules above (the last owner cannot demote themselves).
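The role-change rules from the table and the subtleties above, written out as a deny-by-default check. This is an added example, not MetaFrazo's own code; the `Role` enum, the `can_change_role` function and the sample roster are assumptions made for illustration.

```python
from enum import Enum

class Role(Enum):
    OWNER = "owner"
    ADMIN = "admin"
    AUDITOR = "auditor"
    USER = "user"

def can_change_role(actor_id, target_id, new_role, members):
    """Decide whether actor may set target's role to new_role.

    members maps member id -> Role. Returns (allowed, reason).
    """
    actor, target = members[actor_id], members[target_id]
    owner_count = sum(1 for r in members.values() if r is Role.OWNER)

    # Invariant first: the organization must always keep at least one owner.
    if target is Role.OWNER and new_role is not Role.OWNER and owner_count == 1:
        return False, "last owner cannot be demoted; promote another owner first"
    if actor is Role.OWNER:
        return True, "owner may change any member"
    if actor is Role.ADMIN:
        if target is Role.OWNER:
            return False, "admin cannot change an owner"
        if new_role is Role.OWNER:
            return False, "promotion to owner is owner-only"
        return True, "admin may change a non-owner member"
    # Auditor and User are read-only, including for their own role.
    return False, f"{actor.value} cannot change roles"

# Constructed sample roster (names are made up for illustration).
ROSTER = {"olga": Role.OWNER, "adam": Role.ADMIN,
          "ava": Role.AUDITOR, "uma": Role.USER}

if __name__ == "__main__":
    attempts = [("adam", "uma", Role.ADMIN), ("adam", "uma", Role.OWNER),
                ("adam", "olga", Role.USER), ("olga", "olga", Role.ADMIN),
                ("ava", "uma", Role.ADMIN), ("olga", "uma", Role.OWNER)]
    for actor, target, role in attempts:
        ok, why = can_change_role(actor, target, role, ROSTER)
        print(f"{actor} -> {target} as {role.value}: "
              f"{'ALLOW' if ok else 'DENY'} ({why})")
```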
The audit trail
Every membership change is logged: who invited whom, who changed whose role, who removed whom, and when. Owners, Admins and Auditors can read this log; Users cannot.
The audit trail is append-only. You cannot edit or delete a past entry — that's what makes it useful as evidence for GDPR / NIS2 / DORA audits (see GDPR, NIS2, DORA — what does MetaFrazo give me?).
Recommended starting pattern
A reasonable starting pattern for a typical regulated organization:
- 1 to 3 Owners — the senior accountable executive(s) and their direct deputy.
- 2 to 5 Admins — your day-to-day governance leads and ops managers.
- 1 or 2 Auditors — your internal audit / compliance contact and (during audit season) an external auditor.
- Users — the rest of your governance, ops, and security staff.
You can adjust freely as your organization changes.
Where to go from here
- How do I add a teammate? — the invite flow itself.
- How is my organization's data isolated from other tenants? — the broader access story.
- GDPR, NIS2, DORA — what does MetaFrazo give me? — how role assignments and the audit trail feed compliance.