Overview
Obeya Cloud uses a role-based access control (RBAC) system with four built-in roles. Permissions cascade from the organization level down to individual boards.Built-In Roles
Owner
The organization creator. There is exactly one owner per organization. The owner has all permissions and can:- Delete the organization
- Manage billing and subscription
- Transfer ownership to another admin
- Everything an Admin can do
Admin
Organization administrators who can manage the platform:- Manage members (invite, deactivate, change roles)
- Create and delete workspaces
- Access all workspaces and boards
- Configure organization settings
- Manage integrations and automations
- View audit logs
- Everything a Member can do
Member
Standard users who can work with projects and boards:- Create projects and boards in workspaces they belong to
- Create, edit, and delete items
- Create and manage views
- Post comments and mentions
- Upload files
- Use the form builder
Guest
External collaborators with restricted access:- Access only boards they are explicitly invited to
- View or edit items (depending on board-level permission)
- Post comments on accessible boards
- Cannot create boards, projects, or workspaces
Permissions Matrix
| Permission | Owner | Admin | Member | Guest |
|---|---|---|---|---|
| Delete organization | Yes | No | No | No |
| Manage billing | Yes | No | No | No |
| Manage members | Yes | Yes | No | No |
| Create workspaces | Yes | Yes | No | No |
| Delete workspaces | Yes | Yes | No | No |
| Access all workspaces | Yes | Yes | No | No |
| Create projects | Yes | Yes | Yes | No |
| Create boards | Yes | Yes | Yes | No |
| Delete boards | Yes | Yes | Creator only | No |
| Create items | Yes | Yes | Yes | If edit access |
| Edit items | Yes | Yes | Yes | If edit access |
| Delete items | Yes | Yes | Yes | No |
| Create automations | Yes | Yes | Yes | No |
| Manage integrations | Yes | Yes | No | No |
| View audit logs | Yes | Yes | No | No |
| Post comments | Yes | Yes | Yes | Yes |
| Upload files | Yes | Yes | Yes | If edit access |
| Create forms | Yes | Yes | Yes | No |
| Invite guests | Yes | Yes | Yes | No |
Workspace-Level Permissions
Each workspace has its own access controls:Workspace Admin
Workspace Admin
Can manage workspace settings, invite members to the workspace, and manage all projects within it.
Workspace Member
Workspace Member
Can create projects and boards, view all content, and edit items. Cannot change workspace settings.
Workspace Viewer
Workspace Viewer
Read-only access to all boards in the workspace. Useful for stakeholders who need visibility but should not edit.
Board-Level Permissions
Individual boards can have granular permissions:- Full Access — Can edit items, columns, groups, and board settings
- Edit Access — Can edit items but not board structure (columns, groups)
- Comment Only — Can view and comment but not edit items
- View Only — Read-only access
Board-level permissions override workspace-level permissions when they are more restrictive. A workspace member with “View Only” on a specific board can only view that board.
Column-Level Permissions
For sensitive data, you can restrict editing on specific columns:- Right-click a column header
- Select Column Permissions
- Choose who can edit: Everyone, Admins Only, or Specific Members
Custom Roles
Custom roles are available on Business and Enterprise plans.