Roles and permissions, in full.

Help center

HelpSecurity and accessRoles and permissions, in full.

The four roles, the granular permissions behind each, and how to keep candidate data on a need-to-know footing.

Last reviewed 12 June 20263 min read

Four roles ship at V1: owner, admin, hiring manager, recruiter. Custom roles are V2.

The permission matrix, in plain terms.

Billing and workspace settings. Owners only.
Integrations (Slack, calendar, ATS export). Owners and admins.
Security policy (SSO, two-factor, session length). Owners and admins.
Posting and editing a role. Owners, admins, and hiring managers.
Reading the finalist card and overriding a rank. Owners, admins, hiring managers (their own roles), and recruiters (read-only).
Pipeline view (volume, drop-off, time-in-stage). Owners, admins, recruiters.
Candidate communication. Owners, admins, recruiters.
Audit log. Owners and admins.

Need-to-know enforcement.

A hiring manager sees the candidates on their own roles. They do not see candidates on other hiring managers roles, even within the same workspace. A recruiter sees pipeline-level data across roles, but the candidate transcripts open only on the roles where they are explicitly added as a recruiter.

Role transitions are immediate. Downgrading a teammate from admin to recruiter takes effect on their next page load; any open tabs lose the higher-permission surfaces on the next API call. Re-assigning ownership of an in-flight role to a new hiring manager preserves the candidate history and the override log.

Every read of a candidate transcript is logged. Owners and admins can pull the access log per candidate from the audit-log export.

What to do next: review the role of every existing teammate on Settings, Team, and downgrade anyone who does not need owner or admin.

rolespermissionsaccess controlsecurity