# Roles & Permissions

Understand and manage roles within your organization.

### Understanding Roles

Roles determine what users can see and do in Kaana. Each user has one role.

### Standard Roles

#### Owner

The highest level of access:

* All administrative permissions
* Billing and subscription management
* Can manage other admins
* Full access to all features

#### Admin

Administrative access:

* Create and manage all projects
* Manage users (except owners)
* Configure settings
* Access all reports
* Cannot manage billing

#### Member

Standard team access:

* View projects they're assigned to
* Create and edit tasks
* Upload documents
* Log activities
* Limited settings access

#### Guest

Read-only access:

* View assigned projects
* View documents
* Cannot create or edit
* Limited navigation

### Permission Categories

Permissions are grouped by feature.

#### Project Permissions

* View projects
* Create projects
* Edit own projects
* Edit all projects
* Delete projects

#### Document Permissions

* View documents
* Upload documents
* Edit own documents
* Edit all documents

#### Activity Permissions

* View activities
* Create activities
* Edit own activities
* Edit all activities

#### Issue Permissions

* View issues
* Create issues
* Edit own issues
* Edit all issues

#### Administrative Permissions

* Manage users
* Manage roles
* Configure integrations
* Access reports

### Custom Roles

Administrators can create custom roles.

{% stepper %}
{% step %}

### Create a Custom Role

Go to **Settings** > **Roles**, click **+ New Role**, then enter:

* **Role Name** — e.g., "Project Manager"
* **Description** — What this role is for

Select permissions for each category and click **Create**.
{% endstep %}

{% step %}

### Edit a Custom Role

* Find the role in the list
* Click to open
* Modify permissions
* Save changes

Changes affect all users with that role.
{% endstep %}

{% step %}

### Delete a Custom Role

* Open the role
* Click **Delete**
* Choose where to move affected users
* Confirm

Note: Standard roles cannot be deleted.
{% endstep %}
{% endstepper %}

### Assigning Roles

{% stepper %}
{% step %}

### Set User Role

* Go to **Settings** > **Users**
* Open the user
* Select role from dropdown
* Save
  {% endstep %}

{% step %}

### Multiple Role Assignment

Some organizations allow users to have different roles on different projects. Contact your administrator for details.
{% endstep %}
{% endstepper %}

### Ownership-Based Permissions

Some permissions check ownership:

* "Own" items — Users can only modify content they created
* "All" items — Users can modify any content

Example: A Member with "Edit own projects" can edit projects they created but not others.

### Permission Inheritance

Higher roles include lower role permissions:

* Owner > Admin > Member > Guest

An Admin has all Member permissions plus additional access.

### Troubleshooting Access

<details>

<summary>"Access Denied" Message</summary>

This means your role doesn't have permission for that action. Contact your administrator if you need access.

</details>

<details>

<summary>Missing Menu Items</summary>

Navigation only shows items you can access. Missing items may indicate:

* Your role doesn't have access
* The feature is disabled

Contact admin for clarification.

</details>

<details>

<summary>Can't Find a Feature</summary>

Check if:

* Your role has access
* The feature is enabled for your organization
* You're looking in the right section

</details>

### Best Practices

#### Role Assignment

* Assign minimum necessary access
* Review roles during onboarding
* Update as responsibilities change

#### Custom Roles

* Create roles for common job functions
* Name roles clearly
* Document role purposes

#### Regular Review

* Audit permissions periodically
* Remove unnecessary access
* Update as features change