Roles and Permissions
Roles and Permissions
Control what team members can access and modify with role-based permissions.
Why Roles Matter
Different team members need different access levels:
- Admins: Full control for founders/HR leads
- Hiring Managers: Campaign ownership for department heads
- Recruiters: Operational access for recruiting coordinators
- Reviewers: View-only for interview panelists
Proper role assignment ensures security while enabling collaboration.
Available Roles
Admin
Who needs this: Organization owners, HR directors, founders
Can do:
- ✅ All hiring manager capabilities
- ✅ Invite and remove team members
- ✅ Manage billing and subscription
- ✅ Configure organization settings
- ✅ Access all campaigns automatically
- ✅ Delete campaigns and candidates
- ✅ Export all organizational data
- ✅ View audit logs
Cannot do:
- ❌ Nothing—full access
Recommendation: Limit to 1-2 people maximum.
Hiring Manager
Who needs this: Department heads, team leads, senior managers
Can do:
- ✅ Create new campaigns
- ✅ Configure campaign settings
- ✅ Add and remove candidates
- ✅ Request assessments
- ✅ View all assessment results
- ✅ Export campaign data
- ✅ Invite team members to specific campaigns
- ✅ Delete candidates from their campaigns
- ✅ Archive campaigns they own
Cannot do:
- ❌ Access campaigns they're not assigned to
- ❌ Manage organization members
- ❌ Change billing settings
- ❌ Delete other managers' campaigns
- ❌ View org-wide analytics
Recommendation: Assign to anyone leading a hiring effort.
Recruiter
Who needs this: Recruiting coordinators, sourcers, talent acquisition
Can do:
- ✅ Add candidates to assigned campaigns
- ✅ Edit candidate information
- ✅ Upload resumes and documents
- ✅ Request assessments
- ✅ View assessment results
- ✅ Add comments on candidates
- ✅ Change candidate status
- ✅ Use comparison tools
- ✅ Export candidate data
Cannot do:
- ❌ Create new campaigns
- ❌ Modify campaign settings
- ❌ Delete candidates (can change status instead)
- ❌ Invite team members
- ❌ Archive campaigns
- ❌ Access unassigned campaigns
Recommendation: Best for operational team members handling candidate pipeline.
Reviewer
Who needs this: Interview panelists, advisors, occasional contributors
Can do:
- ✅ View assigned campaigns
- ✅ View candidates and assessments
- ✅ Read agent reports
- ✅ Add comments on candidates
- ✅ Export individual candidate PDFs
- ✅ Use comparison tools (view only)
Cannot do:
- ❌ Add or edit candidates
- ❌ Request assessments
- ❌ Change candidate status
- ❌ Modify campaign settings
- ❌ Create campaigns
- ❌ Bulk export data
- ❌ Invite others
Recommendation: Ideal for giving visibility without editing power.
Permission Matrix
| Action | Admin | Hiring Manager | Recruiter | Reviewer |
|---|---|---|---|---|
| Organization | ||||
| Manage members | ✅ | ❌ | ❌ | ❌ |
| Billing settings | ✅ | ❌ | ❌ | ❌ |
| Org settings | ✅ | Limited | ❌ | ❌ |
| Campaigns | ||||
| Create campaign | ✅ | ✅ | ❌ | ❌ |
| Edit campaign settings | ✅ | Own only | ❌ | ❌ |
| Archive campaign | ✅ | Own only | ❌ | ❌ |
| Delete campaign | ✅ | Own only | ❌ | ❌ |
| Candidates | ||||
| Add candidates | ✅ | ✅ | ✅ | ❌ |
| Edit candidates | ✅ | ✅ | ✅ | ❌ |
| Delete candidates | ✅ | ✅ | ❌ | ❌ |
| View candidates | ✅ | ✅ | ✅ | ✅ |
| Assessments | ||||
| Request assessment | ✅ | ✅ | ✅ | ❌ |
| View assessments | ✅ | ✅ | ✅ | ✅ |
| Collaboration | ||||
| Add comments | ✅ | ✅ | ✅ | ✅ |
| Share candidates | ✅ | ✅ | ✅ | View only |
| Data Export | ||||
| Export candidates | ✅ | ✅ | ✅ | Limited |
| Bulk export | ✅ | ✅ | ❌ | ❌ |
Changing Roles
Updating a Team Member's Role
- Go to Team Members page
- Find the member
- Click menu (•••) → "Change Role"
- Select new role
- Confirm change
Changes take effect immediately.
When to Upgrade Roles
Recruiter → Hiring Manager:
- When they need to own a campaign
- Leading a hiring initiative
- Need to configure evaluation criteria
Reviewer → Recruiter:
- When they need to add candidates
- Taking more active role
- Joining recruiting team
When to Downgrade Roles
Hiring Manager → Reviewer:
- Campaign completed
- Moving to advisory role
- Reducing responsibilities
Admin → Hiring Manager:
- No longer needs org-wide access
- Focus on specific campaigns only
- Principle of least privilege
Campaign-Specific Access
Even within roles, you can limit campaign access.
Granting Campaign Access
- Open campaign settings
- Go to "Team Access" tab
- Click "Add Member"
- Select team member
- Choose their campaign-specific role:
- Owner (can modify settings)
- Contributor (can add/edit candidates)
- Viewer (read-only for this campaign)
- Save
Removing Campaign Access
- Campaign settings → Team Access
- Find member in list
- Click "Remove Access"
They retain organization membership but can't access this campaign.
Custom Permissions (Enterprise)
Enterprise plans can create custom roles:
- Organization settings → "Roles"
- Click "Create Custom Role"
- Name the role (e.g., "Contract Recruiter")
- Select specific permissions
- Save and assign to members
Use cases:
- External contractors with limited access
- Compliance roles (view only + export)
- Specialized workflows
Permission Inheritance
Organization-Level
Set default role when inviting to organization.
Campaign-Level
Can be more or less permissive than org role:
- Org: Reviewer → Campaign: Contributor (upgraded for this campaign)
- Org: Hiring Manager → Campaign: Viewer (downgraded for this campaign)
Campaign permissions override organization permissions for that campaign.
Best Practices
Least privilege principle: Start with minimal access, grant more as needed.
Role clarity: Explain roles when inviting members so they know what they can do.
Regular review: Quarterly audit of who has what access and why.
Document standards: Create your own guide for when to assign each role.
Remove promptly: When team members leave, remove access same day.
Common Role Assignments
Small Startup (5 people)
- Founder: Admin
- Head of Engineering: Hiring Manager
- 3 team members: Reviewer
Mid-Size Company (50 people)
- HR Director: Admin
- 5 Department Heads: Hiring Manager
- 3 Recruiters: Recruiter
- 15 Interview Panelists: Reviewer (access to relevant campaigns)
Enterprise (500+ people)
- CHRO: Admin
- VP HR: Admin
- 20 Hiring Managers: Hiring Manager
- 10 Recruiting Coordinators: Recruiter
- 100+ Interviewers: Reviewer (campaign-specific)
Security Implications
Admin Role Security
Admins can:
- See all financial data
- Delete entire campaigns
- Remove other members
- Access all candidate PII
Protect this role: Use 2FA, strong passwords, limit to trusted individuals.
Data Access by Role
PII access:
- Admin, Hiring Manager, Recruiter: Full candidate PII
- Reviewer: Full PII for assigned campaigns only
Financial data:
- Admin only
Audit logs:
- Admin only
Next Steps
- Invite team members with appropriate roles
- Share candidates for collaboration
- Set up team communication workflows
Quick Reference
Need to: Create campaigns → Assign: Hiring Manager
Need to: Add many candidates → Assign: Recruiter
Need to: Just review and comment → Assign: Reviewer
Need to: Manage organization → Assign: Admin