Permissions Matrix

Complete reference showing what each role can and cannot do.

Organization Role Permissions

Legend:

• ✅ = Can do
• ❌ = Cannot do
• * = Only Decision Sites explicitly shared with them
• ** = Only their own Decision Sites
• *** = Only on Decision Sites they can edit
• **** = Only teams they're members of
• ***** = Requires being Augment employee

---

Team Role Permissions

Note: Organization ADMIN can manage any team, even if not team OWNER.

---

Contact Role Effects

Key insight: Contact roles don't grant permissions - they categorize for analytics.

---

Permission Combinations

Example 1: Internal Sales Rep

Roles:

• Organization: CREATOR
• Team: MEMBER (Sales Team)
• Contact: SELLER

Can do:

• Create Decision Sites ✅
• Edit shared Decision Sites ✅
• Access team content ✅
• View analytics ✅
• Access Meetings & AI Assistant ✅

Cannot do:

• Manage organization settings ❌
• Add/remove team members ❌
• Access other teams' content ❌

---

Example 2: External Executive Buyer

Roles:

• Organization: GUEST
• Team: None
• Contact: BUYER + DECISION_MAKER

Can do:

• View shared Decision Sites ✅
• View assigned content ✅
• Access home page ✅

Cannot do:

• Create Decision Sites ❌
• Edit any content ❌
• Access Meetings ❌
• Access AI Assistant ❌
• View analytics ❌

Special: Activity counts 1.5x in Deal Pulse scoring

---

Example 3: Sales Ops Lead

Roles:

• Organization: ADMIN
• Team: OWNER (Sales Ops Team)
• Contact: SELLER

Can do:

• Everything ✅
• Manage organization ✅
• Access all Decision Sites ✅
• Manage all teams ✅
• Change any settings ✅

Cannot do:

• Nothing - ADMIN has full access

---

Example 4: Sales Engineer

Roles:

• Organization: COLLABORATOR
• Team: MEMBER (Sales Engineering Team)
• Contact: SELLER

Can do:

• Edit shared Decision Sites ✅
• Access team content ✅
• View analytics ✅
• Access Meetings & AI Assistant ✅

Cannot do:

• Create new Decision Sites ❌
• Manage organization settings ❌
• Add/remove team members ❌

---

Special Permissions

ADMIN Bypasses

Organization ADMIN can:

• Access any Decision Site (even if not shared)
• Manage any team (even if not team OWNER)
• Change any user's role
• Override most restrictions

ADMIN does NOT bypass:

• Deal Pulse scoring (still counts as SELLER if marked)
• Contact role categorization

---

Team Access Control Overrides

When Team Access Control = OWN:

• Only owner can access
• Even team members can't see
• Even organization ADMIN can access (ADMIN bypass applies)

---

Domain Rule Automation

If domain rules are set:

• New users from specified domains auto-join
• Auto-assigned role (CREATOR or COLLABORATOR)
• Can override default GUEST for external domains

---

Permission Escalation

How to Get More Access

Current: GUEST → Want: CREATOR

• Must be re-invited with new role
• Cannot upgrade GUEST directly

Current: COLLABORATOR → Want: CREATOR

• Ask organization ADMIN
• ADMIN changes role
• Takes effect immediately

Current: Team MEMBER → Want: Team OWNER

• Ask current team OWNER or org ADMIN
• They promote you
• Takes effect immediately

Current: Any role → Want: ADMIN

• Ask current ADMIN
• Should be rare (limit to 1-2 people)
• Requires strong justification

---

Permission Verification

How to Check Your Permissions

Check organization role:

1. Go to Settings → Profile
2. View your role
3. Compare to matrix above

Check team role:

1. Go to Settings → Teams
2. Find your teams
3. See your role (OWNER or MEMBER)

Check what you can do:

1. Try to create Decision Site
2. Try to access Meetings tab
3. Try to access AI Assistant
4. Try to manage team members

---

Next Steps

• Choose roles: Role Selection Guide
• Manage roles: Managing Permissions
• Understand roles: Understanding Roles