Skip to main content

Roles & Permissions

Sealmetrics uses a two-tier role system to give you fine-grained control over who can access what:

  1. Organization roles (Owner, Admin, Member) determine what a user can do across the organization — manage members, billing, settings, and which sites they can see.
  2. Site access roles (Editor, Viewer) determine the access level a Member is granted when they are added to a specific site.

The user's effective management permissions are driven by their organization role. Site access roles control whether a Member has edit or view-only access to the sites assigned to them.


Organization Roles

Every member of an organization has exactly one organization role: Owner, Admin, or Member.

The table below reflects the actual permissions enforced by the platform for each organization role.

PermissionOwnerAdminMember
View all sites in the organizationYesYes--
View only assigned sites----Yes
Create a siteYesYes--
Edit a siteYesYes--
Delete a siteYes----
View membersYesYesYes
Invite membersYesYes--
Remove membersYesYes--
Change a member's role to Admin or MemberYesYes--
Promote a member to OwnerYes----
Edit organization settingsYes----
Delete the organizationYes----
Manage integrationsYesYes--
Manage pixelsYesYes--
Manage propertiesYesYes--
Manage LLM providersYes----
Manage API tokensYesYes--
Access account migrationYesYes--

Owner

The organization creator is automatically the Owner. Owners have unrestricted access to everything in the organization, including billing, member management, organization settings, LLM providers, and all sites.

Admin

Admins can manage the day-to-day operations of the organization. They can invite and remove members, manage site access, edit sites, and manage integrations, pixels, properties, and API tokens. Admins cannot delete a site, manage billing, edit or delete the organization, manage LLM providers, or promote a member to Owner.

Member

Members have restricted access. They can only see the specific sites that an Owner or Admin has assigned to them. They can view the member list, but cannot invite, remove, or manage other members, and cannot change any organization or site configuration.


Site Access Roles

When an Owner or Admin grants a Member access to a site, they assign a site access role:

RoleAccess
EditorView reports and modify the site's configuration and settings
ViewerRead-only access to reports and analytics

These roles are offered when adding a user to a site from the Team tab of the Site Settings page.

info

Owners and Admins automatically have access to all sites in the organization, so you do not assign site access roles to them. Site access roles only apply to Members.


How Roles Combine

A user's effective permissions are the combination of their organization role and — for Members — the site access role they were granted on each site.

Org RoleSite AccessWhat They Can Do
OwnerAll sitesFull access to everything — all sites, billing, members, org settings, LLM providers
AdminAll sitesAll sites, member management, integrations, pixels, properties, API tokens — no billing, no org/site deletion, no LLM providers
MemberEditorOnly assigned sites; can view reports and edit configuration on those sites
MemberViewerOnly assigned sites; read-only access
tip

Owners and Admins do not need individual site assignments — they see every site automatically. Site assignment and site access roles only apply to Members.


Choosing the Right Roles

ScenarioRecommended Org RoleSite Access
Business owner or account managerOwner-- (all sites)
Team lead managing the analytics setupAdmin-- (all sites)
Marketing analyst on your teamMemberEditor
External client reviewing reportsMemberViewer
Agency partner managing trackingMemberEditor
Best Practice

Keep the number of Owners to a minimum. Most team members work well as Admins, or as Members with the appropriate site access.