Access Levels
Access Level controls two things: which parts of the admin panel a user can see, and which tenant-wide actions (like inviting users) they can perform. It does not control what a user can do inside a project — that is the Global Role.
The three levels
| Level | Admin panel access | Can invite users? | Can manage roles? | Can create projects? |
|---|---|---|---|---|
| Regular User | None — no admin panel | No | No | No |
| Project Admin | Admin panel (limited view) | Yes | No | Yes |
| Tenant Admin | Full admin panel | Yes | Yes | Yes |
Regular User
The default level for most team members. Regular Users have no access to the admin panel — they work entirely within the projects they have been added to. What they can do inside those projects is determined by their Global Role.
Project Admin
Grants access to the admin panel with a limited scope: creating and managing projects, and inviting users to the workspace. Project Admins cannot manage roles, change Access Levels, or modify workspace-level settings.
Tenant Admin
Full administrative access. Tenant Admins can manage all users, create and modify Global Roles, configure workspace settings, and perform all Project Admin actions. Assign this level carefully — it grants full control over the workspace.
How to change a user's Access Level
- Go to Admin → Users and open the All Users tab.
- Find the user and click the actions button (or their row) to open the edit modal.
- Select the new Access Level from the dropdown.
- Save the changes. The user's admin panel access updates immediately on their next page load.
You cannot change your own Access Level. This is intentional — it prevents accidental self-demotion and privilege escalation. Another Tenant Admin must make the change.
Access Level and invitations
When inviting a new user, you set their Access Level as part of the invitation form. It applies from the moment they accept. The default selection is Regular User — you must explicitly choose Project Admin or Tenant Admin if needed.
"Why can't I put admin permissions like Manage Users into a custom role?" Permissions like Manage Users and Manage Roles are tenant-level permissions — they are granted exclusively by Access Level, not by Global Roles. Global Roles can only contain project-level permissions (test cases, runs, etc.). This separation is intentional: it prevents anyone with role-editing access from accidentally granting themselves or others admin capabilities.