Skip to main content

Roles & Permissions

Cloud Feature

Roles and permissions are a Cloud-only feature. Self-hosted Core deployments are single-tenant and do not include role-based access control. See Cloud vs Self-Hosted for details.

Control what team members can do in your organization with role-based access control. Roles and members are managed in the LinkForty dashboard.

Overview

LinkForty uses role-based access control (RBAC) to manage permissions. Each organization member has a role that determines their capabilities.

Available Roles:

  • Owner - Full control (1 per organization)
  • Admin - Manage settings and members
  • Member - Create and manage links
  • Viewer - Read-only access

Role Comparison

PermissionOwnerAdminMemberViewer
Links
View linksYesYes
Create linksYesYesNo
Edit linksYesYesNo
Delete linksYesYesNo
Bulk operationsYesYesNo
Analytics
View analyticsYesYes
Export dataYesYesNo
Projects
View projectsYesYes
Create projectsYesYesNo
Edit projectsYesYesNo
Delete projectsYesNo
Team
View membersYesYes
Invite membersYesNo
Remove membersYesNo
Change rolesYes✅*No
Organization
View settingsYesYes
Edit settingsYesNo
Manage billingYesNoNo
Delete organizationYesNoNo
Webhooks
View webhooksYesYes
Create webhooksYesNo
Edit webhooksYesNo
Delete webhooksYesNo
Custom Domains
View domainsYesYes
Add domainsYesNo
Remove domainsYesNo
API Keys
View API keysYesYesNo
Create API keysYesNo
Delete API keysYesNo

* Admins can't promote members to Owner

Role Descriptions

Owner

The organization creator with full control.

Unique Abilities:

  • Delete organization
  • Manage billing and subscriptions
  • Transfer ownership
  • Cannot be removed (must transfer ownership first)

Limitations:

  • Only 1 owner per organization
  • Cannot leave without transferring ownership or deleting org

Use Case: Founder, company owner, billing administrator

Admin

Trusted team leads who manage the organization.

Can Do:

  • Manage all settings
  • Invite and remove members
  • Create and manage resources
  • Change member roles (except Owner)

Cannot Do:

  • Delete organization
  • Manage billing
  • Promote to Owner

Use Case: Team leads, managers, senior staff

Member

Regular team members who work with links.

Can Do:

  • Create and manage links
  • View analytics
  • Work with projects
  • Export data

Cannot Do:

  • Invite team members
  • Change settings
  • Manage billing
  • Delete organization

Use Case: Marketing team, content creators, developers

Viewer

Read-only access for stakeholders.

Can Do:

  • View links
  • View analytics
  • View projects
  • View team members

Cannot Do:

  • Create or edit anything
  • Export data
  • Invite members

Use Case: Clients, stakeholders, auditors, interns

Managing Roles

Viewing Member Roles

Go to Settings → Team to see all members with their roles and join dates.

Changing Member Roles

  1. Go to Settings → Team
  2. Open the member's role dropdown
  3. Select a new role and save

Requires: Owner or Admin role.

Restrictions:

  • Admins cannot promote anyone to Owner
  • The Owner role can't be reassigned this way — use Transfer Ownership
  • You can't lower your own role

Transferring Ownership

Only the current owner can transfer ownership:

  1. Go to Settings → Organization
  2. Scroll to "Transfer Ownership"
  3. Select the new owner (must be an existing member)
  4. Click "Transfer" and confirm

When ownership transfers, the new owner gets the Owner role, the previous owner becomes an Admin, and billing moves to the new owner. This can't be undone except by transferring back.

Permission Enforcement

Permissions are enforced server-side on every request — a member can never perform an action their role disallows, regardless of what the UI shows. The dashboard also hides actions a member can't take (for example, only Owners see "Delete Organization"; only Owners and Admins see "Invite Member"), so the interface always matches each member's role.

Common Scenarios

1. Small Team (2-5 people)

Setup:

  • 1 Owner (founder)
  • 1-2 Admins (co-founders, leads)
  • 1-2 Members (team)

Rationale: Everyone can work, admins handle team management.

2. Agency (10-25 people)

Setup:

  • 1 Owner (agency owner)
  • 2-3 Admins (department heads)
  • 15-20 Members (account managers, creators)
  • 2-5 Viewers (clients)

Rationale: Hierarchy with client visibility.

3. Large Organization (50+ people)

Setup:

  • 1 Owner (IT administrator)
  • 5-10 Admins (team leads)
  • 40+ Members (employees)
  • 10+ Viewers (stakeholders)

Rationale: Scaled management with many contributors.

4. Freelancer + Client

Setup:

  • 1 Owner (freelancer)
  • 1-2 Viewers (client stakeholders)

Rationale: Client can monitor without editing.

Best Practices

1. Principle of Least Privilege

Give minimum permissions needed:

Good:

  • Client monitoring campaign → Viewer
  • Marketing creating links → Member
  • Team lead managing settings → Admin

Bad:

  • Everyone is Admin
  • Client has Member access

2. Regular Audits

Review your team in Settings → Team quarterly — remove inactive members and adjust roles to match current responsibilities.

3. Document Role Assignments

Keep a record of why roles were assigned:

# Team Roles

- [email protected] (Owner) - Founder, handles billing
- [email protected] (Admin) - Marketing lead
- [email protected] (Member) - Content creator
- [email protected] (Viewer) - Client stakeholder

4. Limit Admins

Don't make everyone admin:

Recommended:

  • Owners: 1
  • Admins: 10-20% of team
  • Members: 70-80% of team
  • Viewers: Case-by-case

Troubleshooting

"You don't have permission"

Cause: Your role doesn't allow this action

Fix:

  1. Check your role (profile menu)
  2. Contact admin/owner to elevate permissions
  3. Ask admin to perform action

Can't Change Own Role

Cause: Can't demote yourself

Fix: Ask another admin/owner to change your role

Can't Remove Owner

Cause: Owner can't be removed

Fix: Owner must transfer ownership first, then leave

Security

Access Control

  • Role verification on every API call
  • UI enforcement hides unauthorized actions
  • Audit logging tracks role changes (Unlimited)

Recommendations

  • Regularly review team members
  • Remove inactive accounts
  • Use Viewer role for read-only access
  • Require 2FA for Admins and Owners (Unlimited)

Next Steps

  1. Review current team roles
  2. Assign appropriate permissions
  3. Document role decisions
  4. Set up regular permission audits