Roles & Permissions
How member roles and permission scopes control access to workspace features and data.
Roles and Permissions
Gravity Rail uses role-based access control (RBAC) to determine what each member can see and do. Permissions are controlled by scopes granted through member roles. If a member lacks a required scope, the corresponding feature is hidden from the sidebar.
Default Roles
New workspaces come with two built-in roles:
| Role | Description | Granted Scopes |
|---|---|---|
| Manager | Full workspace access | All grantable scopes (full read/write/admin) |
| User | Minimal access | assistants:read only |
Workspace administrators can create custom roles with any combination of scopes via People > Roles.
Scope Hierarchy
Scopes follow a three-level hierarchy:
adminimplieswriteandreadwriteimpliesreadreadis the base level
Example: Granting members:admin automatically includes members:write and members:read.
Sidebar Permissions
Every sidebar item requires a specific permission scope. Items are completely hidden if the user lacks the scope. If all children of a parent menu are hidden, the parent disappears too.
Top-Level Items
| Sidebar Item | Required Scope | Notes |
|---|---|---|
| Dashboard | None | Visible to all workspace members |
| Chats | chats:read |
Automation
| Sidebar Item | Required Scope |
|---|---|
| Workflows | workflows:read |
| Actions | automations:read |
| Events | automations:read |
Knowledge
| Sidebar Item | Required Scope | Feature Flag |
|---|---|---|
| Forms | datatypes:read | |
| Files | files:read | |
| Labels | labels:read | |
| Calendars | calendars:read | Calendar |
People
| Sidebar Item | Required Scope | Feature Flag |
|---|---|---|
| Members | members:read | |
| Agents | agents:read | Agents |
| Roles | workspace:admin | |
| Agents | assistants:read | |
| Supervisors | assistants:read |
Channels
| Sidebar Item | Required Scope | Feature Flag |
|---|---|---|
| Phone | phones:read | Phone |
| Inboxes | inboxes:read | |
| Sites | sites:read | Sites |
| Discord | workspace:admin | Discord |
| Slack | workspace:admin | Slack |
| EHR | workspace:admin | EHR / FHIR |
Developer
| Sidebar Item | Required Scope |
|---|---|
| Apps | apps:read |
| Toolkits | apps:read |
| Webhook Logs | webhooks:read |
Settings
All Settings pages require workspace:admin:
- Workspace
- Milestones
- Billing & Usage
- Features
API Endpoint Permissions
Backend endpoints enforce scope requirements. Self-access patterns allow users to access their own resources without admin scopes.
Data Types vs Records
Important distinction: Data types and records use separate permission namespaces:
datatypes:*controls access to form schemas (metadata) - does not contain PHIrecords:*controls access to data instances (contains PHI)
Viewing or editing form schemas does not grant access to the actual data records.
Common Endpoint Patterns
| Endpoint Pattern | Read | Create/Update | Delete | Self-Access |
|---|---|---|---|---|
| Data Types (Forms) | datatypes:read | datatypes:write | datatypes:admin | N/A |
| Data Records | records:read | records:write | records:admin | Users can view/edit their own records |
| Members | members:read | members:write | members:admin | Users can view/edit their own profile |
| Chats | chats:read | chats:write | chats:admin | Users can access their own chats |
| Files | files:read | files:write | files:admin | N/A |
| Calendars | calendars:read | calendars:write | calendars:admin | N/A |
| Folders | files:read | files:write | files:admin | N/A |
Special Cases
- Anonymous members: Viewing anonymous members requires
members:admin - Member deletion: Create/update use
members:write, but delete requiresmembers:admin - Discord/Slack/EHR: All operations require
workspace:admin - Google Calendar integration: Uses calendar scopes (
calendars:read/write/admin)
Self-Access Pattern
Many endpoints allow users to access their own resources without admin scopes:
- Viewing own member profile (
GET /me) - Updating own member profile (
PUT /me) - Viewing own chats (chats where
owner_id = self) - Updating own records (records where
member_id = self) - Classifying own phone number
Admin scopes (members:read, chats:read, records:read) are required to access other members' data.
Feature Flags vs Permissions
Some features require both a permission scope and a workspace feature flag:
- Permission scope: Controls whether the user's role allows access
- Feature flag: Controls whether the workspace has the capability enabled
If a feature is disabled at the workspace level, the item appears in the sidebar but is locked. If the user lacks the required permission, the item is completely hidden.
Common Role Configurations
Read-Only Analyst
View data without modification:
chats:read,members:read,datatypes:read,records:read,files:read,labels:read,analytics:read
Care Coordinator
Manage members and chats, view workflows:
chats:read,chats:write,members:read,members:write,workflows:read,assignments:read,assignments:write,files:read,labels:read
Workspace Administrator
Full control (same as default Manager role):
- All grantable scopes (see default Manager role)
Related Resources
Members
Add, invite, and manage the humans in your workspace — team and customers alike.
Importing Members
Import members in bulk via CSV upload or the API — format your file, handle duplicates, and troubleshoot errors.
Agents
Create and configure AI team members that handle conversations and complete tasks.
All Guides
Browse all available guides