Roles & Permissions
Understand the six user roles in SeedGovernance and what each one can do.
Overview
SeedGovernance uses a role-based access control (RBAC) system to manage what each user in your workspace can see and do. Every team member is assigned exactly one role, and the workspace owner can change roles at any time from Settings → Team.
There are six roles, ranging from full administrative control to read-only access:
Role descriptions
Owner
The person who created the account. There is exactly one Owner per workspace. The Owner has unrestricted access to every feature, including billing, account deletion, and the ability to transfer ownership to another Admin. The Owner role cannot be removed -- it can only be transferred.
Admin
Admins have the same permissions as the Owner except they cannot delete the workspace, transfer ownership, or manage billing. Admins can invite and remove team members, change roles, activate/deactivate frameworks, and manage all governance content. Best suited for senior compliance leads or department heads who need full operational control.
Consultant
A specialised role designed for external governance consultants who advise your organisation. Consultants can view and edit governance documents, run assessments, and view the gap analysis dashboard. They cannot manage team members, change settings, access billing, or export documents in bulk. Consultant access can be time-limited with an expiration date.
Steward
The hands-on governance contributor. Stewards can create and edit documents, complete assessments, upload evidence, and view gap analysis results. They cannot manage team members, change workspace settings, or access billing. This is the default role for most day-to-day governance team members.
Viewer
Read-only access to all governance content. Viewers can browse documents, view assessment results, and explore the gap analysis dashboard, but they cannot edit anything. Useful for executives, board members, or stakeholders who need visibility without the ability to make changes.
Auditor
A time-limited, read-only role specifically designed for external auditors conducting compliance assessments. Auditors can only access the content explicitly shared with them through an Auditor Link (see Auditor Links). They cannot see team members, settings, billing, or any content outside the audit scope. Auditor access automatically expires after the date set by the Owner or Admin.
Permission matrix
The following table shows what each role can and cannot do:
| Permission | Owner | Admin | Consultant | Steward | Viewer | Auditor |
|---|---|---|---|---|---|---|
| View governance documents | Yes | Yes | Yes | Yes | Yes | Scoped |
| Create & edit documents | Yes | Yes | Yes | Yes | No | No |
| Complete assessments | Yes | Yes | Yes | Yes | No | No |
| Upload evidence | Yes | Yes | Yes | Yes | No | No |
| View gap analysis | Yes | Yes | Yes | Yes | Yes | Scoped |
| Export documents | Yes | Yes | No | Yes | No | No |
| Activate/deactivate frameworks | Yes | Yes | No | No | No | No |
| Invite & remove team members | Yes | Yes | No | No | No | No |
| Change user roles | Yes | Yes | No | No | No | No |
| Create auditor links | Yes | Yes | No | No | No | No |
| Manage workspace settings | Yes | Yes | No | No | No | No |
| Access billing & invoices | Yes | No | No | No | No | No |
| Transfer ownership | Yes | No | No | No | No | No |
| Delete workspace | Yes | No | No | No | No | No |
"Scoped" means the Auditor can only see content that has been explicitly included in the Auditor Link they were given. They do not have access to the full document library or gap analysis dashboard.
Roles available per plan
Not all roles are available on every plan:
| Role | Starter | Pro | Enterprise |
|---|---|---|---|
| Owner | Yes | Yes | Yes |
| Admin | Yes | Yes | Yes |
| Steward | Yes (up to 3 total users) | Yes (up to 10 total users) | Yes (unlimited) |
| Viewer | Yes (up to 3 total users) | Yes (up to 10 total users) | Yes (unlimited) |
| Consultant | No | Yes | Yes |
| Auditor | No | Yes | Yes |
On the Starter plan, the total number of users (Owner + Admin + Steward + Viewer combined) is capped at 3. To use Consultant or Auditor roles, or to add more than 3 users, upgrade to the Pro or Enterprise plan.
How to assign and change roles
Assigning a role during invitation
- Go to Settings → Team
- Click Invite Member
- Enter the person's email address
- Select the role from the dropdown menu
- Click Send Invitation
The invited person receives an email with a link to accept the invitation and join the workspace. Until they accept, the invitation appears as "Pending" in the team list.
Changing an existing member's role
- Go to Settings → Team
- Find the team member in the list
- Click the role badge next to their name
- Select the new role from the dropdown
- Confirm the change
Role changes take effect immediately. The affected user will see their updated permissions the next time they load a page or on their next login.
Transferring ownership
Only the current Owner can transfer ownership. To do so:
- Go to Settings → Team
- Click the menu icon next to an Admin's name
- Select Transfer Ownership
- Confirm by entering your password or re-authenticating
After the transfer, the previous Owner is automatically downgraded to Admin. Ownership can only be transferred to someone who already has the Admin role.