Roles & Permissions
Sosyabot uses a five-role hierarchy on workspace members. Roles are stored on the workspace_member record and enforced at the API layer.
The roles
| Role | Rank | Can do |
|---|---|---|
owner | 5 | Everything in admin plus billing changes, workspace deletion. |
admin | 4 | Manage members, channels, integrations; configure workspace; not billing. |
editor | 3 | Create, schedule, publish posts; manage labels and campaigns. |
author | 2 | Create drafts; submit for review. Default invitation role. |
viewer | 1 | Read-only. |
The numeric ROLE_RANK is used internally for "at least admin" gates (rank >= 4).
Mapping to platform permissions
The admin permission on the user record (separate from the workspace role) grants instance-level admin panel access — see Admin Overview. Workspace owners and admins manage their own workspace; admin-permission users can manage every workspace.
Changing roles
PATCH /api/v1/workspace/members/:id { role: "editor" }Only owners can promote to / demote from owner. Admins can change any role below owner.