Roles & Permissions Explained

The Three Roles

Every user in a Trust Leads organisation has one of three roles: Owner, Admin, or Member. The Owner role is assigned to the person who created the organisation and cannot be transferred (contact support if you need to transfer ownership). Each organisation has exactly one Owner.

Roles are enforced server-side on every API request — client-side role checks in the dashboard are supplementary display logic only. Even if a client-side check is bypassed, the API will reject requests that exceed the caller's role permissions.

Permission Matrix

The following table summarises what each role can do. In general: Owners have full control including billing and deleting the organisation. Admins can manage members and access all enrichment features. Members can enrich and download their own jobs.

• View enrichment jobs: Owner, Admin, Member (own jobs only for Member)
• Submit enrichment jobs: Owner, Admin, Member
• Download results: Owner, Admin, Member (own jobs only for Member)
• Invite team members: Owner, Admin
• Remove team members: Owner, Admin
• Change member roles: Owner only
• View billing and invoices: Owner, Admin
• Change subscription plan: Owner only
• Create/revoke API keys: Owner, Admin
• Delete the organisation: Owner only

Role Best Practices

Grant the minimum role necessary for each team member's responsibilities. Most enrichment users should be Members: they can upload files, run jobs, and download results — which covers the typical daily workflow. Reserve Admin for team leads, operations managers, or IT staff who need to manage API keys or onboard new team members.

Avoid having multiple Owners — since the Owner role cannot be easily transferred, it is best to keep it with a single primary account holder (typically the person who holds the billing relationship). If the Owner needs to be changed, contact support@trustleads.ai.