Roles & Permissions
Understand the role hierarchy in Nanabase and what each role can do. From Owner to Viewer, here's the complete permission reference.
Nanabase uses role-based access control (RBAC) to manage what members can do in your company workspace. Each member has exactly one role per company.
Role Hierarchy#
┌─────────┐
│  Owner  │  Level 100 — Full control
└────┬────┘
     │
┌────▼────┐
│  Admin  │  Level 80 — Day-to-day management
└────┬────┘
     │
┌────▼────┐
│ Member  │  Level 50 — Regular use
└────┬────┘
     │
┌────▼────┐
│ Viewer  │  Level 20 — Read-only
└────┬────┘
     │
┌────▼────┐
│ Pending │  Level 0 — Awaiting approval
└─────────┘
Higher roles can manage lower roles. For example, Admins can change Member and Viewer roles, but cannot affect other Admins.
Role Details#
Owner#
The Owner is the ultimate authority over the company workspace. There is always exactly one Owner.
Unique capabilities:
- Delete the company entirely
- Transfer ownership to another member
- Access billing and subscription management
- Cannot be demoted or removed
The Owner can also do everything Admins can do.
Typical role holders:
- Company founder
- CEO
- IT Director
Every company has exactly one Owner. To change the Owner, the current Owner must transfer ownership.
Admin#
Admins handle day-to-day workspace management. Multiple people can be Admins.
Capabilities:
- All contact operations (create, read, update, delete)
- Manage members (invite, remove, change roles up to Admin)
- Configure company settings
- View audit logs
- Import and export contacts
- Access admin panel
Cannot:
- Delete the company
- Transfer ownership
- Access billing (unless Owner grants access)
- Promote anyone to Owner
Typical role holders:
- Office managers
- HR leads
- Team leads
- Department heads
Member#
Members are regular team users who work with contacts day-to-day.
Capabilities:
- View all company contacts
- Create new contacts
- Edit contacts they created
- Delete contacts they created
- Share personal contacts to company
- View member directory
- View activity feed
- Use Who Knows Who search
- Request introductions
Cannot:
- Edit contacts created by others
- Delete contacts created by others
- Manage other members
- Access admin panel
- Change company settings
- Import/export contacts
Typical role holders:
- Sales representatives
- Account managers
- Regular employees
- Department staff
Viewer#
Viewers have read-only access. They can browse but not modify.
Capabilities:
- View contacts (based on visibility)
- Search contacts
- View member directory
- View company info
- Use Who Knows Who search
Cannot:
- Create contacts
- Edit anything
- Delete anything
- Share contacts
- Export data
- Request introductions (view only)
Typical role holders:
- Interns
- Contractors
- External partners
- Temporary access needs
Pending#
Pending members have requested to join but aren't approved yet.
Capabilities:
- None (awaiting approval)
Status:
- Visible in Team → Pending
- Requires Admin/Owner approval
- Can be approved or rejected
Permission Matrix#
Contact Permissions#
| Action | Owner | Admin | Member | Viewer |
|--------|:-----:|:-----:|:------:|:------:|
| View contacts | ✅ | ✅ | ✅ | ✅ |
| Search contacts | ✅ | ✅ | ✅ | ✅ |
| Create contacts | ✅ | ✅ | ✅ | ❌ |
| Edit any contact | ✅ | ✅ | ❌ | ❌ |
| Edit own contacts | ✅ | ✅ | ✅ | ❌ |
| Delete any contact | ✅ | ✅ | ❌ | ❌ |
| Delete own contacts | ✅ | ✅ | ✅ | ❌ |
| Import contacts | ✅ | ✅ | ❌ | ❌ |
| Export contacts | ✅ | ✅ | ❌ | ❌ |
Member Permissions#
| Action | Owner | Admin | Member | Viewer |
|--------|:-----:|:-----:|:------:|:------:|
| View members | ✅ | ✅ | ✅ | ✅ |
| Invite members | ✅ | ✅ | ❌ | ❌ |
| Approve join requests | ✅ | ✅ | ❌ | ❌ |
| Remove members | ✅ | ✅ | ❌ | ❌ |
| Change roles | ✅ | ✅* | ❌ | ❌ |
| Transfer ownership | ✅ | ❌ | ❌ | ❌ |
*Admins can change roles up to Admin level, not Owner.
Settings Permissions#
| Action | Owner | Admin | Member | Viewer |
|--------|:-----:|:-----:|:------:|:------:|
| View settings | ✅ | ✅ | ❌ | ❌ |
| Edit settings | ✅ | ✅ | ❌ | ❌ |
| View audit logs | ✅ | ✅ | ❌ | ❌ |
| Access billing | ✅ | ❌ | ❌ | ❌ |
| Delete company | ✅ | ❌ | ❌ | ❌ |
Features Permissions#
| Feature | Owner | Admin | Member | Viewer |
|---------|:-----:|:-----:|:------:|:------:|
| Activity feed | ✅ | ✅ | ✅ | ✅ |
| Who Knows Who | ✅ | ✅ | ✅ | ✅ |
| Request intros | ✅ | ✅ | ✅ | ❌ |
| Share contacts | ✅ | ✅ | ✅ | ❌ |
| Admin panel | ✅ | ✅ | ❌ | ❌ |
Changing Roles#
Who Can Change Roles#
| Actor | Can Change |
|-------|------------|
| Owner | Anyone → Any role |
| Admin | Members, Viewers → Admin or below |
| Member | Nobody |
| Viewer | Nobody |
How to Change a Role#
- Go to Team
- Find the member
- Click their role badge or the ⋮ menu
- Select Change Role
- Choose the new role
- Confirm the change
Role Change Effects#
When a role changes:
- Access updates immediately
- User may need to refresh their browser
- No data is lost
- Audit log records the change
Valid Role Transitions#
PROMOTIONS (↑):
Pending → Member (approve)
Viewer → Member → Admin → Owner*
DEMOTIONS (↓):
Admin → Member → Viewer
(Owner cannot be demoted, only transferred)
*Only Owner can promote to Owner (via transfer)
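The role-change and transfer rules above can be expressed as a server-side authorization check. The following is an added example, not Nanabase's own code: `Member`, `check_role_change` and `transfer_ownership` are hypothetical names, and it assumes that nobody is moved back to Pending and that an actor must strictly outrank the target (which also blocks changing one's own role).

```python
from __future__ import annotations
from dataclasses import dataclass

# Role levels exactly as listed in the hierarchy on this page.
LEVELS = {"owner": 100, "admin": 80, "member": 50, "viewer": 20, "pending": 0}


@dataclass
class Member:  # hypothetical record type, not Nanabase's data model
    user_id: str
    role: str


def check_role_change(actor: Member, target: Member, new_role: str) -> tuple[bool, str]:
    """Return (allowed, reason). Hard limits are checked before rank."""
    if new_role not in LEVELS or new_role == "pending":
        # Assumption: the page lists no transition back to Pending.
        return False, "not an assignable role"
    if new_role == "owner":
        # This also caps Admins at "Admin or below".
        return False, "Owner is granted only via ownership transfer"
    if target.role == "owner":
        return False, "Owner cannot be demoted, only transferred"
    if LEVELS[actor.role] < LEVELS["admin"]:
        return False, "only Owner and Admin can change roles"
    if LEVELS[actor.role] <= LEVELS[target.role]:
        # Strict comparison: Admins cannot affect other Admins (or themselves).
        return False, "actor must outrank the target"
    return True, "ok"


def transfer_ownership(roles: dict[str, str], actor_id: str, new_owner_id: str) -> dict[str, str]:
    """Return a new user_id -> role map; the input map is left untouched.

    Password confirmation and audit logging happen outside this function.
    """
    if roles.get(actor_id) != "owner":
        raise PermissionError("only the current Owner can transfer ownership")
    if new_owner_id == actor_id or roles.get(new_owner_id) in (None, "pending"):
        # Assumption: the new Owner must already be an approved member.
        raise ValueError("new Owner must be another approved member")
    updated = dict(roles)
    updated[new_owner_id] = "owner"  # new Owner gets full control
    updated[actor_id] = "admin"      # old Owner becomes Admin
    # Invariant from the page: there is always exactly one Owner.
    assert list(updated.values()).count("owner") == 1
    return updated
```

Returning a reason string alongside the decision gives the audit log something concrete to record for denied attempts as well as successful changes.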
Ownership Transfer#
When to Transfer#
- Company leadership change
- Original owner leaving
- Restructuring responsibilities
How to Transfer#
- Current Owner goes to Settings → Company
- Scroll to Ownership
- Click Transfer Ownership
- Select the new Owner
- Confirm with password
- Transfer is immediate
What Happens#
- New Owner gets full control
- Old Owner becomes Admin
- All other roles unchanged
- Audit log records transfer
Ownership transfer cannot be undone without the new Owner's cooperation. Be certain before transferring.
Best Practices#
Least Privilege#
Give users the minimum role they need:
- Start new members as Member role
- Only promote to Admin when necessary
- Reserve Owner for one person
Role Distribution#
For a 50-person company:
- 1 Owner
- 2-3 Admins
- 40+ Members
- Few Viewers as needed
Regular Review#
- Quarterly: Review who has Admin access
- When people change roles: Update their Nanabase role
- When people leave: Remove promptly
Frequently Asked Questions#
Can someone have different roles in different companies?
Yes. Roles are per-company. You might be Owner of your company and Member of a partner's workspace.
What if we need more granular permissions?
Our current roles cover most use cases. Contact us if you have specific enterprise needs.
Can I create custom roles?
Not currently. The four roles (Owner, Admin, Member, Viewer) cover standard organizational needs.
What happens if the Owner leaves without transferring?
Contact support. We have a recovery process for this situation.
Can I restrict what contacts a role can see?
All shared contacts are visible to all roles. For privacy, keep sensitive contacts in your private layer.