Orkesta uses role-based access control (RBAC) assigned at the workspace level with optional per-project overrides. Every member has exactly one workspace role; that role applies across all projects by default unless you explicitly override it on a specific project.

Built-in roles

Three built-in roles cover the most common access patterns.

Admin

Full access to workspace settings, billing, member management, API credentials, and all projects. Assign this role only to members who need to manage the workspace itself.

Member

Can create and operate within projects they belong to. Cannot access workspace-level settings such as billing or SSO configuration. The right default for most team members.

Viewer

Read-only access to the projects they belong to. Cannot create, edit, or delete any data. Use this role for stakeholders who need visibility without write access.

Custom roles

Custom roles let you define precise permission sets beyond what the built-in roles offer. You choose exactly which actions a custom role can perform, then assign it to members just like a built-in role.

Custom roles are available on Business and Enterprise plans. Each workspace can have up to 20 custom roles.

Create a custom role

1. Open the roles editor
   Go to Settings → Roles and click New role.

2. Name the role
   Enter a clear, descriptive name that reflects the role’s intended function (for example, Data Analyst or Billing Contact).

3. Toggle permissions
   Work through the permission categories (workspace, projects, payment data, reports, and API) and enable exactly what this role needs.

4. Save
   Click Save role. The role is immediately available to assign to any workspace member or project member.

Common custom role patterns

| Custom role | Typical permissions |
| --- | --- |
| Data analyst | Read access to reports and transaction history; no write access to payments or settings. |
| Integration manager | Read-write access to API credentials and webhook configuration; no access to billing or members. |
| Billing contact | Read-write access to billing and invoices only; no access to projects or payment operations. |

Per-project overrides

Project-level role overrides let you grant a member more (or less) access on a specific project than their workspace role provides. The project role takes precedence over the workspace role within that project. For example, a workspace Viewer can be given the Member role on one project so they can contribute there while retaining read-only access everywhere else.
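
The precedence rule above, worked through as an access-review helper. This is an added example, not Orkesta code: the member records and the Viewer < Member < Admin ordering are assumptions made for illustration, and custom roles are flagged for manual review because they have no fixed rank.

```python
# Added example: the data model is hypothetical, not an Orkesta export format.
# Assumed ordering of the built-in roles, least to most access.
BUILT_IN_RANK = {"Viewer": 0, "Member": 1, "Admin": 2}


def effective_role(workspace_role, overrides, project):
    """Role a member holds in a project they belong to.

    A project-level override wins inside that project; without one,
    the workspace role applies.
    """
    return overrides.get(project, workspace_role)


def classify_override(workspace_role, project_role):
    """Compare an override with the workspace role it replaces."""
    if project_role == workspace_role:
        return "redundant"
    ws = BUILT_IN_RANK.get(workspace_role)
    pr = BUILT_IN_RANK.get(project_role)
    if ws is None or pr is None:
        # Custom roles are arbitrary permission sets, so they cannot be ranked.
        return "manual-review"
    return "escalation" if pr > ws else "restriction"


def review_overrides(members):
    """List (member, project, workspace_role, project_role, finding) per override."""
    findings = []
    for m in members:
        for project, role in sorted(m["overrides"].items()):
            finding = classify_override(m["workspace_role"], role)
            findings.append((m["name"], project, m["workspace_role"], role, finding))
    return findings


# Constructed sample data for illustration.
MEMBERS = [
    {"name": "ayse", "workspace_role": "Viewer", "overrides": {"checkout": "Member"}},
    {"name": "deniz", "workspace_role": "Member",
     "overrides": {"payroll": "Viewer", "ledger": "Data analyst"}},
    {"name": "emre", "workspace_role": "Admin", "overrides": {}},
]

if __name__ == "__main__":
    for row in review_overrides(MEMBERS):
        print(*row, sep="\t")
```

Overrides reported as escalation or manual-review are the ones to check against the member's actual need during a periodic access review.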

Assign a per-project override

1. Open the project
   Navigate to the project where you want to change access.

2. Go to Members settings
   Click Settings → Members within the project.

3. Select a role override
   Find the member in the list, click the role dropdown next to their name, and select the role they should have within this project.

To remove a project-level override and return the member to their workspace role, open the same role dropdown and select Use workspace role.