Documentation

Roles and permissions

Manage who can do what in your workspace.

Suggest Edits

Overview of roles in Atono

Atono defines user access at two levels: Workspace roles and Team roles.


Workspace roles

Workspace roles define a user's primary level of access across the workspace, including managing users, settings, integrations, and product-related features. These role include:

  • Workspace Owner — Highest levels of permissions, including managing plans and billing.
  • Administrator — Same privileges as Workspace Owners, but without access to plans and billing.
  • Product Manager — Once assigned in a workspace, responsible for managing product themes.
  • Standard user — Typical role of most users in Atono, assigned by default.

Team roles

Team roles provide additional permissions within a specific team. Team roles do not change a user's primary workspace role but allow for more control over a team without granting broader system-wide access. These roles include:

  • Team member — Granted automatically when the user becomes a member of a public or private team.
  • Team administrator — Provides additional administrative abilities for a team. The user doesn't need to be a member of the team to be its administrator.
  • Backlog owner — When assigned to a team, responsible managing and prioritizing upcoming stories in the team's backlog. The user doesn't need to be a member of the team to be its backlog owner.

Some users may also have feature flag permissions, which are separate from both workspace and team roles and control who can manage feature flags.

If you need to change a user's role, see Manage user roles.



How roles work together

Atono’s role system provides flexibility and control, ensuring users have the right level of access without unecessary permissions.

  • Workspace roles control system-wide access — Workspace Owners and Administrators manage settings, users, and integrations, while Product Managers oversee product-related features. Standard Users have general access.
  • Team roles grant additional permissions within a specific team — A Standard User can be assigned a team role to manage a team without being needing workspace-wide permissions of a workspace Administrator.
  • Feature flag permissions are separate from workspace and team roles — A user can manage feature flags without needing extra permissions elsewhere in Atono.


Workspace roles (user roles)

Workspace roles define what a user can do across the entire workspace, from managing settings to controlling access for other users.


Workspace Owner

Workspace Owners have the highest level of permissions. Tasks requiring a Workspace Owner include:

  • Changing plans or updating billing information.
  • Adding or removing other Workspace Owners (Workspace Owners cannot remove this role from themself).
  • Deleting the workspace.

Administrator

Besides the specific capabilities listed about for Workspace owners, this role is the same as workspace Administrator. Tasks requiring the workspace Administrator or Workspace Owner role include:

  • Managing workspace settings.
  • Enabling or disabling the Slack integration for the workspace.
  • Adding or removing other workspace Administrators (an Administrator cannot remove this role from themself).
  • Updating or deleting users (Workspace Owners and Administrators cannot delete themselves).
  • Editing or deleting other users' comments from a story or bug.

Product Manager

The Product Manager role controls who can manage product themes for a workspace. Product managers can:

  • Add or remove other Product Managers (they cannot remove this role from themself).
  • Add or remove backlog owners to public and private teams.
  • Add or remove product themes.
  • Access all public and private team backlogs.
  • Add or remove members to any public or private team.
  • Manage the backlog of any public or private team.

🚧

Assigning this role affects everyone in the workspace

  • If no Product Managers are assigned, any user in the workspace can create and manage product themes and assign them to stories.
  • If at least one Product Manager is assigned, only users with this role can create and manage product themes and assign them to stories.

Standard users

The Standard User role is for most users in Atono. Without any additional permissions, Standard Users can:

  • Update their name in their user profile.
  • Create teams.
  • Add and remove members from any public team.
  • View and manage public team backlogs without a backlog owner (includes adding, creating, and reordering stories in the 'To do' category, deleting stories, and moving stories in or out of the 'Won't do' category).
  • Create, add, modify, and delete bugs on public team backlogs.
  • Add, accept, and reject comments on stories and bugs on public team backlogs.
  • Edit or delete comments they are the author of on public team backlogs.
  • Create and add feature flags to stories on public team backlogs.
  • Mark stories or bugs on public team backlogs as outliers and remove outlier status.
  • Triage bugs.
  • Opt themselves into the Slack integration (if it's enabled for the workspace).
  • Show or hide estimated completion dates on items in the 'To do' category of public team backlogs.


Team roles

Unlike workspace roles, team roles only apply within a specific team. They allow users to manage team settings and backlogs without granting workspace-wide permissions.


Team member

  • Edit the team's name and description.
  • Add and remove the team's Slack channel.
  • For private teams: Access the team backlog.
  • For Private teams: Add and remove team members.

Team admin

  • Edit the team's name and description.
  • Delete the team.
  • Modify the team's access type (Public or Private).
  • Add and remove team admins (they cannot remove themself as a team admin).
  • Add or remove backlog owners.
  • Add and remove the team's Slack channel.
  • Customize the team's workflow.

Backlog owner

  • Add or remove backlog owners (they cannot remove themself as a backlog owner).
  • Access the team backlog.
  • When assigned, responsible for managing upcoming stories in the team's backlog (includes adding and creating stories on the backlog, reordering stories in the 'To do' category, deleting stories, and moving stories in or out of the 'Won't do' category).

🚧

Assigning this role to a team affects everyone with access to the backlog

  • If no backlog owners are assigned to a team, anyone with access can manage stories in the team's backlog.
  • If at least one backlog owner is assigned to the team, other users with access can only move stories out of the 'To do' category and reorder stories in 'In progress steps'. They can't create or delete stories on the backlog or move stories in or out of the 'Won't do' category.

Feature flag permissions

Feature flag permissions are independent of Workspace Roles and Team Roles. Users with feature flag permissions can manage specific flags without needing additional workspace or team permissions.


Feature flag user

  • Manage who has User permissions of the flag.
  • Toggle the flag on and off and modify its configuration.

Feature flag owner

  • Change the feature flag's name and description.
  • Manage who has Owner and User permissions of the flag.
  • Toggle the flag on and off and modify its configuration.
  • Remove the feature flag from a story.
  • Delete the feature flag.

Updated about 1 hour ago