Roles
The three roles in Together, what each one can do, and how to pick the right one for someone joining your team.
Every user has exactly one role on their organisation: ADMIN, EDITOR, or VIEWER. There are no per-feature roles, no project-level permissions, no overrides. One role, applied universally.
The three roles
| Role | Tagline | Who |
|---|---|---|
| ADMIN | Full control | People who configure the platform: settings, billing, users, integrations. |
| EDITOR | Day-to-day fundraising | Fundraisers, donor stewards, anyone who creates forms, tags donors, edits records. |
| VIEWER | Read-only | Auditors, board members, compliance reviewers, anyone who only needs to look. |
The roles are tiers, not buckets. ADMIN can do everything EDITOR can do, and EDITOR can do everything VIEWER can do. Pick the lowest tier that covers what someone needs.
Capability matrix
| Capability | ADMIN | EDITOR | VIEWER |
|---|---|---|---|
| View dashboard, donors, donations, compliance | yes | yes | yes |
| Download disclosure CSV | yes | yes | yes |
| Create or edit donors | yes | yes | no |
| Create or edit donation forms | yes | yes | no |
| Tag or merge duplicate donors | yes | yes | no |
| Manually log donations | yes | yes | no |
| Resolve compliance alerts | yes | yes | no |
| Invite, remove, or change role of other users | yes | no | no |
| Configure Stripe, branding, organisation details | yes | no | no |
| Manage CRM integrations and webhooks | yes | no | no |
| Configure compliance rules and FCA tracking | yes | no | no |
| Subscribe to a plan or change billing | yes | no | no |
The dashboard adapts to your role; you do not see buttons you cannot click. If you expected to see something and do not, your role is probably narrower than you thought. Ask whoever invited you.
Default for new users
New users created via self-signup get the role you set as your org's self-signup default. The platform default for that field is VIEWER; bump it to EDITOR if you trust everyone on your allowed domains to do day-to-day work.
New users created via invite get the role the inviting ADMIN picks in the form. EDITOR is the prefilled choice.
The very first user in a new org is auto-promoted to ADMIN. Otherwise no role is granted automatically; users who land on an authenticated route without a role are blocked.
How to change someone's role
- Go to Settings -> Users.
- Find the user. Click the role dropdown on their row.
- Pick the new role. The change is saved immediately.
A user's role applies on their next request. They do not need to sign out.
How role enforcement works
Roles are checked on the server before any protected page renders or any data-changing action runs. The UI also hides controls a user cannot use, but that hiding is a courtesy; the real enforcement happens in the request handler. A VIEWER who somehow submits an admin form gets a 403 response, not a successful write.
When to use which role
Some practical rules of thumb:
- Make at least two ADMINs. A single admin is a single point of failure if someone leaves the org or loses access.
- Default new staff to EDITOR. They can do everything they need for the work; they cannot accidentally change billing or break the Stripe connection.
- Reserve VIEWER for genuinely read-only people. Board members, external auditors, finance staff reviewing reports. Do not give VIEWER to working fundraisers; they will hit a wall on day one.
- Move people up when needed. It is faster to promote an EDITOR to ADMIN than to fix the damage from an over-privileged user clicking the wrong button.
What to do next
- Invite the rest of your team with the right role per person: Invite your team.
- Open up self-signup for colleagues on your domain: Configure self-signup.
- Check what your tier includes: Plans.