Five Default Roles

ILLIXIS includes five system roles that cover most team structures:

Owner (Level 100) Full access to everything. Manages billing, invites team members, and configures settings. Every account has exactly one owner. The owner cannot be demoted.

Admin (Level 30) Manages team and settings but cannot access billing. Admins can invite users, change roles, and configure all content settings. Use this for trusted team members who help manage operations.

Editor (Level 20) Creates, edits, and publishes content. Editors can create briefs, generate articles, publish to your CMS, and view analytics. They cannot modify settings or manage team members.

Writer (Level 10) Creates and edits their own content only. Writers can create briefs and generate content but cannot edit other people's work or publish externally. Use this for freelance writers or junior team members.

Viewer (Level 0) Read-only access to dashboards and content. Viewers can see briefs, articles, and analytics but cannot create, edit, or publish anything. Use this for stakeholders who need visibility without editing access.

25 Granular Permissions

Each role is composed of individual permissions. This is what determines actual access:

Content Permissions

  • content:view - View all content
  • content:create - Create new content
  • content:edit - Edit any content
  • content:edit_own - Edit only own content
  • content:delete - Delete content
  • content:publish - Publish to external platforms (WordPress, Shopify, etc.)

Brief Permissions

  • briefs:view - View content briefs
  • briefs:create - Create new briefs
  • briefs:edit - Edit briefs
  • briefs:delete - Delete briefs
  • briefs:approve - Approve briefs for production

Report Permissions

  • reports:view - View generated reports
  • reports:create - Generate new reports
  • reports:download - Download report PDFs
  • reports:schedule - Create scheduled reports

Settings Permissions

  • settings:view - View tenant settings
  • settings:edit - Modify tenant settings

User Management Permissions

  • users:view - View team members
  • users:invite - Invite new team members
  • users:edit_roles - Change user roles
  • users:remove - Remove team members

Billing Permissions

  • billing:view - View billing information
  • billing:manage - Manage subscription and payments (Owner only)

Analytics Permissions

  • analytics:view - View analytics dashboards
  • analytics:export - Export analytics data

Permission Matrix

What each role can do:

| Permission | Owner | Admin | Editor | Writer | Viewer |
|------------|-------|-------|--------|--------|--------|
| View content | ✓ | ✓ | ✓ | ✓ | ✓ |
| Create content | ✓ | ✓ | ✓ | ✓ | |
| Edit any content | ✓ | ✓ | ✓ | | |
| Edit own content | ✓ | ✓ | ✓ | ✓ | |
| Delete content | ✓ | ✓ | | | |
| Publish content | ✓ | ✓ | ✓ | | |
| Create briefs | ✓ | ✓ | ✓ | ✓ | |
| Edit briefs | ✓ | ✓ | ✓ | | |
| Approve briefs | ✓ | ✓ | | | |
| View reports | ✓ | ✓ | ✓ | | ✓ |
| Download reports | ✓ | ✓ | ✓ | | |
| View settings | ✓ | ✓ | | | |
| Edit settings | ✓ | ✓ | | | |
| Invite users | ✓ | ✓ | | | |
| Change roles | ✓ | ✓ | | | |
| Remove users | ✓ | ✓ | | | |
| Manage billing | ✓ | | | | |
| View analytics | ✓ | ✓ | ✓ | ✓ | ✓ |
| Export analytics | ✓ | ✓ | | | |

Managing Your Team

Inviting Team Members

Navigation: Dashboard → Team Management → Send Invitation

  1. Enter team member's email address
  2. Select their role (Editor is default)
  3. Add optional personal message
  4. Click "Send Invitation"

Invitations expire after 7 days. You can resend expired invitations from Team Management.

Changing User Roles

Navigation: Team Management → Click icon next to member name → Change Role

  1. Select new role from dropdown
  2. Click "Update Role"

You cannot change the owner's role or demote yourself if you're the owner.

Removing Team Members

Navigation: Team Management → Click icon next to member name → Remove

Removed users lose access immediately. They do not receive a notification. You can re-invite them later if needed.

You cannot remove:

  • The account owner
  • Yourself (contact support to leave a team)

Viewing Pending Invitations

Navigation: Team Management → Invitations tab

See all invitations that haven't been accepted yet. You can resend or revoke invitations from this screen.

Custom Roles

Enterprise plans can create custom roles with specific permission combinations.

Navigation: Team Management → Roles → Create Custom Role

  1. Name your role (e.g., "Social Media Manager")
  2. Set role level (1-99, determines hierarchy)
  3. Select permissions to include
  4. Add description
  5. Click "Create Role"

Custom roles appear in the role selector when inviting users.

Example Custom Roles:

Social Media Manager (Level 15)

  • content:view
  • content:create
  • briefs:view
  • briefs:create
  • analytics:view
  • users:view

Content Reviewer (Level 25)

  • content:view
  • content:edit
  • briefs:view
  • briefs:approve
  • reports:view
  • analytics:view

Analytics Specialist (Level 12)

  • content:view
  • briefs:view
  • reports:view
  • reports:create
  • reports:download
  • analytics:view
  • analytics:export

Permission Enforcement

Permissions control both UI visibility and API access:

UI Changes Users only see features they have access to. If a Writer visits the Settings page, they'll see "Permission Denied."

API Protection All API endpoints check permissions. If a user tries to access a restricted endpoint, they receive a 403 Forbidden error.

Background Task Execution Background tasks inherit the user's permissions. A Writer cannot trigger a task that requires publish permissions, even via API.

Staff Impersonation

ILLIXIS staff can impersonate tenants for support purposes. When staff impersonate your account:

  • They have full Owner-level access
  • All actions are logged in the audit trail
  • You receive an email notification when impersonation starts and ends
  • Staff cannot view billing information (even with impersonation)

Impersonation is only used when you request support and grant access.

Trial Limitations

Trial accounts have additional restrictions regardless of role:

  • Cannot invite more than 2 team members
  • Cannot create custom roles
  • All team invitations expire when trial ends

Upgrade to a paid plan to unlock full team features.

Quota Tracking by User

All quota usage is tracked at the tenant level, not per user. This means:

  • A Writer generating 3 briefs consumes from the tenant's brief quota
  • An Editor publishing 5 articles counts toward the tenant's article quota
  • Quotas do not reset per user

The Owner can see quota usage breakdown by user in Billing → Usage Details.

Security Best Practices

Principle of Least Privilege Assign the lowest role that allows someone to do their job. Don't make everyone an Admin.

Regular Audits Review your team list monthly. Remove users who no longer need access.

Use Writers for Freelancers Contractors and freelancers should be Writers, not Editors. This prevents them from editing other people's work or publishing directly.

Admin for Core Team Only Reserve Admin role for trusted, long-term team members who help manage operations.

Separate Content from Billing Editors and Writers don't need to see billing information. Keep financial access limited to Owner and authorized finance staff.

Common Questions

Q: Can I have multiple Owners? No. Every account has exactly one Owner. If ownership needs to transfer (e.g., founder departure), contact support to initiate an ownership transfer.

Q: Can a Writer see other Writers' content? Yes, Writers can view all content (content:view), but they can only edit their own (content:edit_own).

Q: What happens to content when I remove a user? Content remains in your account. It shows the removed user as the creator but can be edited by anyone with content:edit permission.

Q: Can Editors see billing information? No. Only the Owner has access to billing (billing:view, billing:manage).

Q: Can I temporarily revoke someone's access? Yes. Remove them from the team, then re-invite them when they need access again. Alternatively, create a custom "Suspended" role with no permissions and assign them to it.

Q: Do custom roles cost extra? Custom roles are included with Enterprise plans. Starter and Professional plans use the 5 default roles only.

Q: Can I see who did what? Yes. The audit log (available to Owner and Admin) tracks all significant actions with timestamps and user attribution.

Q: What if someone needs access to just one feature? Create a custom role with only the specific permissions required. For example, a "Report Viewer" role with reports:view and reports:download.

Related Documentation

  • Team Management Dashboard - See all team members and their roles
  • Audit Logs - Track all permission-sensitive actions
  • API Authentication - Use API keys with permission scopes

Questions? Email support@illixis.io or ask Maya (bottom-right chat icon).

More in Account & Settings

Approval Workflows

Control who reviews and approves content before it goes live. ILLIXIS approval workflows let you build multi-stage review chains with role-based approvers, deadlines, and automatic escalation.

Audit Logs

ILLIXIS automatically records every significant action in the platform with an immutable audit trail. Track who did what, when, and from where - critical for compliance SOC 2, GDPR, security investigations, and accountability.

White-Label Branding

Replace ILLIXIS branding with your own across the entire platform. Perfect for agencies delivering client work or businesses wanting a fully branded experience.

Two-Factor Authentication (2FA) Setup

Two-factor authentication 2FA adds an extra layer of security to your ILLIXIS account. When enabled, you'll need both your password and a verification code from your phone to sign in.

Zapier Integration

Last Updated: February 5, 2026

← Back to Help Center

Ready to lose the stack?

One platform. You approve. ILLIXIS executes. Marketing that just happens.

Join the waitlistNo spam, everUnsubscribe anytime
First 20 founding members: 50% off any plan for your first year.

Marketing, Unstacked.