Skip to content
Rival Docs

Roles & Permissions

Rival uses a two-level permission system. The first level controls what a member can do within the organization as a whole. The second level controls what a member can do with specific tools. Both levels work together - having a high org role doesn’t automatically grant access to every tool.

Organization roles

Every member of an organization is assigned one of three org roles. These roles determine what they can see and do across the workspace.

Owner has full access to everything - tools, members, teams, billing, payouts, API keys, and all workspace settings. Each organization has exactly one owner: the person who created it. Owner status cannot be transferred. If you need to transfer ownership, contact support@rival.io.

An Admin can manage tools, invite and manage members, create and manage teams, and modify workspace settings. The one thing admins cannot do is access billing. If you’re adding a trusted collaborator who should be able to run the workspace day-to-day but shouldn’t control payment settings, Admin is the right role.

Member has limited default access. A member who has just joined the organization can see the workspace exists but cannot access or do anything with tools until they are explicitly assigned. They need to be added to a specific tool or a team before they can contribute meaningfully.

Tool roles

Tool roles are assigned at the individual tool level (or at the team level, which applies to all tools in that team). They control what a member can actually do with a specific tool.

Editor can edit the tool’s code, run executions, and test the tool’s behavior. This is the active contributor role - use it for anyone who needs to build or operate a tool.

Executor can read the tool’s code, run executions, and test the tool’s behavior. This is the active contributor role - use it for anyone who needs to build or operate a tool.

Viewer gets read-only access to the tool’s configuration, documentation, and execution history. They cannot edit code or trigger executions. This is suitable for stakeholders, reviewers, or anyone who needs visibility without the ability to change anything.

Note:

Each user can create a tool and has full access to it , only publish will be in hands of admin .

How the two levels work together

The two levels are independent, which means you need to think about both when setting up access.

A Member org role does not grant tool access by default. Even if someone is a member of your organization, they cannot see or interact with any tools until you assign them to a specific tool with a tool role, or add them to a team that includes those tools.

An Admin org role gives workspace-level management access, but it doesn’t bypass tool role assignments for individual tool operations - admins still interact with tools through the standard interface.

As an example: if you invite a contractor and assign them the Member org role, then add them to a single tool as an Executor, they can work on that tool but cannot access any others. That’s intentional - it keeps access narrow and explicit.

Changing roles

Any owner or admin can change a member’s org role at any time from Workspace Settings → Members. Tool role assignments can be updated from the tool’s settings or from Workspace Settings → Teams if the member is part of a team.

If something is blocked

If you can’t access a feature or tool, check two things: your org role (are you a Member when you need to be an Admin?) and your tool role assignment (have you been added to the tool or a team that includes it?). Both levels need to be right for access to work. If you’re still blocked after checking both, ask an owner or admin in your organization.