Roles & Permissions
EOS Hub uses a two-layer permission system: System Roles control global access, while Team Roles control what a user can do within a specific team.
System Roles
System roles are assigned at the user level and apply across the entire application.
| Role | Description |
|---|---|
SUPERADMIN | Full access to everything: all teams, all data, admin panel |
USER | Standard user; access determined by team memberships |
SUPERADMIN
A SUPERADMIN can:
- View and manage all teams, regardless of membership
- Access the admin panel
- Create and delete users
- Change system roles
- Modify any team's data
WARNING
Grant SUPERADMIN access sparingly. In most organizations, only one or two people need this level of access.
USER
A USER can only access teams they have been added to as a member. Their capabilities within each team are determined by their team role.
Team Roles
Team roles are assigned per team. A user can have different roles in different teams.
| Role | Description |
|---|---|
OWNER | Full control of the team |
ADMIN | Can manage team data and members |
MEMBER | Can contribute to meetings, update own data |
VIEWER | Read-only access to team data |
Permissions Matrix
| Action | OWNER | ADMIN | MEMBER | VIEWER |
|---|---|---|---|---|
| View dashboard | Yes | Yes | Yes | Yes |
| View Scorecard | Yes | Yes | Yes | Yes |
| Edit Scorecard values | Yes | Yes | Yes | No |
| Add/remove measurables | Yes | Yes | No | No |
| Create Rocks | Yes | Yes | Yes | No |
| Edit any Rock | Yes | Yes | No | No |
| Edit own Rock | Yes | Yes | Yes | No |
| Create Issues | Yes | Yes | Yes | No |
| Resolve Issues | Yes | Yes | Yes | No |
| Create To-Dos | Yes | Yes | Yes | No |
| Complete own To-Dos | Yes | Yes | Yes | No |
| Edit V/TO | Yes | Yes | No | No |
| Create Meetings | Yes | Yes | No | No |
| Participate in Meetings | Yes | Yes | Yes | No |
| Manage team members | Yes | Yes | No | No |
| Delete team | Yes | No | No | No |
| Manage People Analyzer | Yes | Yes | No | No |
| Edit Accountability Chart | Yes | Yes | No | No |
OWNER
The team Owner has full control over the team, including the ability to delete it. Every team must have at least one Owner.
ADMIN
Admins can manage team data, add or remove members, and configure team settings. They cannot delete the team.
MEMBER
Members are active participants. They can create and update their own Rocks, To-Dos, and Issues, participate in meetings, and enter Scorecard values.
VIEWER
Viewers have read-only access. They can see the dashboard, Scorecard, Rocks, and other data, but cannot modify anything. This role is useful for stakeholders who need visibility without participation.
How Roles Interact
Consider a user who is:
USERsystem roleOWNERof the Sales teamMEMBERof the Leadership team
This user can fully manage the Sales team (add members, edit V/TO, delete the team) but can only participate as a regular contributor in the Leadership team.
A SUPERADMIN, regardless of team roles, can access and modify everything.
Managing Roles
Changing System Roles
System roles can only be changed by a SUPERADMIN:
- Navigate to Admin > Users.
- Find the user.
- Click Edit.
- Change the System Role dropdown.
Changing Team Roles
Team roles are managed by team Owners and Admins:
- Navigate to Admin > Teams.
- Select the team.
- Find the member in the member list.
- Change their role using the dropdown.
TIP
When onboarding a new leadership team member, add them as a MEMBER first. Promote to ADMIN or OWNER after they are comfortable with the platform.
Next Steps
- Organizations & Teams -- How teams are structured
- Admin Panel -- Managing the platform
- User Management -- Creating and editing users