Roles & Permissions
Rival uses two layers of permissions:
- Org roles - what a member can do across the organization as a whole.
- Tool roles - what a member can do with a specific tool or agent.
The two layers are independent. A high org role doesn’t automatically grant access to every tool, and a Member needs explicit tool assignment to do anything beyond browsing.
Org roles
Every member of an organization has one of three org roles: Owner, Admin, or Member. Assign and change these in Settings → Members (/user/members).
| Capability | Owner | Admin | Member |
|---|---|---|---|
| View organization | Yes | Yes | Yes |
| Create tools and agents | Yes | Yes | Yes |
| Invite and manage members | Yes | Yes | No |
| Create and manage teams | Yes | Yes | No |
| Manage API keys and secrets | Yes | Yes | No |
| Edit Org Profile | Yes | Yes | No |
| Verify phone / claim Welcome Credits | Yes | No | No |
| Manage billing, plan, payouts | Yes | No | No |
| Delete the organization | Yes | No | No |
| Access Refer & Earn | Yes | No | No |
Owner is the person who created the organization. Each organization has exactly one Owner and the role cannot be transferred through the UI. Contact support@rival.io if you need to transfer ownership.
Admin is the right role for a trusted collaborator who should run the organization day-to-day but shouldn’t control billing or payouts.
Member is the default role. New Members can browse the organization and create their own tools, but they don’t automatically have access to other members’ tools - they need to be assigned at the tool level or added to a team.
Tool roles
Tool roles are assigned per tool (or via a team that includes the tool). They control what a member can do with that specific tool. Set these in the tool’s settings, or in Settings → Teams (/user/teams) for team-level assignments.
| Capability | Editor | Executor | Viewer |
|---|---|---|---|
| View tool code and config | Yes | Yes | Yes |
| Run the tool | Yes | Yes | No |
| Edit code and configuration | Yes | No | No |
| Publish new versions | Yes | No | No |
| View run history | Yes | Yes | Yes |
- Editor - the active builder role. Use it for anyone who needs to change the tool.
- Executor - can run the tool and inspect it, but can’t change it. Use it for collaborators who need to call the tool but shouldn’t modify it.
- Viewer - read-only access. Suitable for stakeholders or reviewers.
The creator of a tool always has full access to it; only publishing is gated by org role.
How the two layers combine
The two layers are independent. A few examples:
- A Member with an Executor assignment on one tool can run that tool but cannot see any other tools in the organization.
- An Admin can manage all members and teams, but they still need an Editor/Executor/Viewer role on a tool to interact with it through the standard interface.
- An Owner has full org access but should still assign themselves a tool role if they want to appear on the tool’s contributor list.
Where to assign roles
| To change | Go to |
|---|---|
| A member’s org role | /user/members |
| A member’s tool role | The tool’s settings page, or /user/teams if assigned via a team |
| Team membership | /user/teams |
If access is blocked
If you can’t see or do something:
- Check your org role in
/user/members- are you a Member when you need to be an Admin? - Check your tool role - have you been assigned directly, or added to a team that includes the tool?
Both layers need to be right for access to work. If you’re still blocked, ask an Owner or Admin in your organization.