Roles & Permissions
Define custom roles and control access with granular permissions.
Overview
Jasper provides a comprehensive role-based access control system with 5 built-in system roles and the ability to create custom roles. Control exactly what each team member can access.
System Roles
Five built-in roles provide common permission sets:
| Role | Permissions | Typical Use |
|---|---|---|
| Owner | Full access (99 permissions) | Organization founders, billing contacts |
| Admin | All except billing & danger zone (95 permissions) | Team leads, senior developers |
| Stakeholder | Extended read + analytics (46 permissions) | Product managers, QA leads |
| Member | Standard contributor access (36 permissions) | Developers, contributors |
| Viewer | Read-only access (14 permissions) | External stakeholders, observers |
Note: System roles cannot be modified, but you can clone them to create custom variations.
Creating Custom Roles
Create roles tailored to your organization's needs.
From Scratch
- Go to Settings → Roles & Permissions
- Click Create Role
- Enter a role name (e.g.,
backend-developer) - Add an optional description
- Choose a color for the role badge
- Select permissions from the expandable groups
- Click Create Role
By Cloning
- Find the role you want to base your new role on
- Click Clone
- Enter a new name
- The new role inherits all permissions from the source
- Edit to customize permissions as needed
Tip: Clone the "Member" role to create variations like "Contractor" with restricted API access.
Permission Groups
Permissions are organized into logical groups:
Dashboard
dashboard.view— View dashboarddashboard.export— Export dashboard data
Code Reviews
reviews.view— View reviewsreviews.trigger— Trigger new reviewsreviews.apply-fixes— Apply AI-suggested fixesreviews.retry— Retry failed reviewsreviews.comment— Add commentsreviews.delete— Delete reviewsreviews.export— Export review data
Repositories
repos.view— View repositoriesrepos.admin.view— Access repository adminrepos.manage— Manage repository settingsrepos.sync— Sync repository datarepos.branch-protection— Manage branch protectionrepos.rulesets— Manage rulesets
Team Members
members.view— View team membersmembers.invite— Invite new membersmembers.remove— Remove membersmembers.change-role— Change member roles
Analytics
analytics.view— View personal analyticsanalytics.team-view— View team analyticsanalytics.all-view— View all organization analyticsanalytics.export— Export analytics data
Integrations
integrations.view— View integrationsintegrations.clickup.manage— Manage ClickUpintegrations.clockify.manage— Manage Clockifyintegrations.github.manage— Manage GitHub settings
Billing
billing.view— View credit balancebilling.manage— Purchase credits
Organization Settings
settings.view— View settingssettings.edit— Edit settingssettings.audit-logs.view— View audit logssettings.roles.manage— Manage roles
Danger Zone
danger.delete— Delete organizationdanger.transfer-ownership— Transfer ownership
Assigning Roles
Change a Member's Role
- Go to Settings → Team
- Find the team member
- Click Change Role
- Select the new role
- Confirm the change
Role Restrictions
- Cannot change the owner's role
- Only owners can promote someone to owner (transfers ownership)
- Only owners and admins can change roles
Managing Custom Roles
Editing a Role
- Go to Settings → Roles & Permissions
- Find the custom role
- Click Edit
- Modify name, description, color, or permissions
- Click Save
Deleting a Role
- Custom roles can only be deleted if no users are assigned
- Reassign users to another role first
- System roles cannot be deleted
Role Hierarchy
Roles follow a hierarchy from most to least permissions:
- Owner (Level 5) — Full control
- Admin (Level 4) — Administrative access
- Stakeholder (Level 3) — Business oversight
- Member (Level 2) — Contributor access
- Viewer (Level 1) — Read-only access
Best Practices
- Principle of least privilege — Give users only the permissions they need
- Use custom roles — Create roles for specific job functions
- Regular audits — Review role assignments periodically
- Document roles — Add clear descriptions to custom roles
Example Custom Roles
Contractor
Based on Member with restricted access:
- No API access
- No billing view
- Read-only team view
QA Engineer
Based on Stakeholder with extra review permissions:
- Full review access
- Analytics export
- No repository management
Billing Admin
Limited role for finance team:
- Billing view and manage
- Analytics view
- No code or review access