Organization Management

Roles and Permissions

RenderStack uses Role-Based Access Control (RBAC) to manage what each team member can do within an organization. Every member is assigned one of four roles.

Role Overview#

PermissionOwnerAdminUserViewer
View templatesYesYesYesYes
Create/edit templatesYesYesYesNo
Delete templatesYesYesOwn onlyNo
View rendersYesYesOwn onlyOwn only
Create renders (API)YesYesYesNo
Upload assetsYesYesYesNo
Delete assetsYesYesOwn onlyNo
Create API keysYesYesYesNo
View all API keysYesYesNoNo
Revoke any API keyYesYesNoNo
Invite membersYesYesNoNo
Change member rolesYesYesNoNo
Remove membersYesYesNoNo
Transfer ownershipYesNoNoNo
Manage billingYesNoNoNo
Configure settingsYesYesNoNo
Configure allowed hostsYesYesNoNo
Configure AWS S3YesYesNoNo
Manage webhooksYesYesNoNo
View activity logYesYesLimitedLimited
Use AI AssistantYesYesYesYes

Owner#

The Owner has full control over the organization, including billing management and the ability to transfer ownership. Each organization has exactly one Owner. The Owner cannot be removed from the organization.

Admin#

Admins have nearly the same permissions as the Owner, except they cannot manage billing or transfer ownership. Admins can manage all members, settings, and resources.

User#

Users can create and manage their own templates, renders, and API keys. They cannot manage other members or configure organization settings. Users see only their own API keys and render history.

Viewer#

Viewers have read-only access. They can view templates and assets but cannot create, edit, or delete anything. Viewers can use the AI Assistant to ask questions about the data they can see.

Changing Roles#

Owners and Admins can change any member role from the Members page. See Managing Members for instructions.