# Configuring Team Permissions and Roles
Permissions that are too restrictive slow work down. Permissions that are too open create security and governance risks. GitScrum's role-based access control lets you configure the right level of access for each team member, balancing productivity with control.
## Permission Challenges
| Too Restrictive | Too Open |
|---|---|
| Constant access requests | Accidental changes |
| Slowed decision making | Sensitive data exposure |
| Frustrated team | Audit failures |
| Workarounds emerge | No accountability |
## Role Hierarchy

### Standard Roles

```text
GITSCRUM ROLE HIERARCHY
═══════════════════════

ORGANIZATION ADMIN
├── Full organization control
├── Billing and subscription
├── User management
├── All project access
└── Settings and integrations

PROJECT ADMIN
├── Full project control
├── Member management (project)
├── Project settings
├── No org-level access
└── Cannot delete org

MEMBER
├── Create and edit tasks
├── View all project data
├── Comment and collaborate
├── Limited settings access
└── Cannot manage members

GUEST
├── View-only by default
├── Limited to specific projects
├── Comment (if enabled)
├── Time-limited access
└── No settings access

CLIENT
├── View project progress
├── Approve deliverables
├── Comment on tasks
├── No internal discussions
└── Filtered view
```
### Permission Matrix

| Action | Admin | P-Admin | Member | Guest | Client |
|---|---|---|---|---|---|
| Create tasks | ✓ | ✓ | ✓ | ✗ | ✗ |
| Edit own tasks | ✓ | ✓ | ✓ | ✗ | ✗ |
| Edit any task | ✓ | ✓ | ✗ | ✗ | ✗ |
| Delete tasks | ✓ | ✓ | ✗ | ✗ | ✗ |
| View all tasks | ✓ | ✓ | ✓ | △ | △ |
| Comment | ✓ | ✓ | ✓ | △ | ✓ |
| Manage members | ✓ | ✓ | ✗ | ✗ | ✗ |
| Change project settings | ✓ | ✓ | ✗ | ✗ | ✗ |
| Access billing | ✓ | ✗ | ✗ | ✗ | ✗ |
| Manage integrations | ✓ | ✓ | ✗ | ✗ | ✗ |
| Export data | ✓ | ✓ | ✗ | ✗ | ✗ |

✓ = Allowed, ✗ = Denied, △ = Configurable (set per project)
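As an added example (not GitScrum's own code), the permission matrix above encoded as a small policy evaluator that fails closed on unknown roles or actions. `ProjectConfig` and its switch names are assumptions standing in for whatever project settings resolve the △ cells; `minimal_role` and `excess_grants` apply the "least privilege" and "regular audits" practices to the matrix by picking the smallest built-in role that covers a job and listing what a role grants beyond it.

```python
from dataclasses import dataclass

# Matrix transcribed from the guide: True = ✓, False = ✗, "cfg" = △ (configurable).
ROLES = ("Admin", "P-Admin", "Member", "Guest", "Client")
MATRIX = {
    "create_tasks":            (True, True,  True,  False, False),
    "edit_own_tasks":          (True, True,  True,  False, False),
    "edit_any_task":           (True, True,  False, False, False),
    "delete_tasks":            (True, True,  False, False, False),
    "view_all_tasks":          (True, True,  True,  "cfg", "cfg"),
    "comment":                 (True, True,  True,  "cfg", True),
    "manage_members":          (True, True,  False, False, False),
    "change_project_settings": (True, True,  False, False, False),
    "access_billing":          (True, False, False, False, False),
    "manage_integrations":     (True, True,  False, False, False),
    "export_data":             (True, True,  False, False, False),
}

@dataclass(frozen=True)
class ProjectConfig:
    """Assumed per-project switches that decide the configurable (△) cells."""
    guests_can_comment: bool = False
    guests_view_all_tasks: bool = False
    clients_view_all_tasks: bool = False

def is_allowed(role, action, cfg=ProjectConfig()):
    """Resolve one matrix cell. Unknown role or action is denied (fail closed)."""
    if role not in ROLES or action not in MATRIX:
        return False
    cell = MATRIX[action][ROLES.index(role)]
    if cell != "cfg":
        return cell
    switches = {  # △ cells default to denied unless the project enables them
        ("Guest", "comment"): cfg.guests_can_comment,
        ("Guest", "view_all_tasks"): cfg.guests_view_all_tasks,
        ("Client", "view_all_tasks"): cfg.clients_view_all_tasks,
    }
    return switches.get((role, action), False)

def allowed_actions(role, cfg=ProjectConfig()):
    return {a for a in MATRIX if is_allowed(role, a, cfg)}

def minimal_role(required, cfg=ProjectConfig()):
    """Least-privilege pick: the role covering every required action with the
    fewest total grants, or None if no built-in role covers them all."""
    fits = [r for r in ROLES if set(required) <= allowed_actions(r, cfg)]
    return min(fits, key=lambda r: len(allowed_actions(r, cfg)), default=None)

def excess_grants(role, required, cfg=ProjectConfig()):
    """Actions a role holds beyond what the job needs: what an access review flags."""
    return sorted(allowed_actions(role, cfg) - set(required))
```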
## Role Configuration

### Creating Custom Roles

```text
CUSTOM ROLE SETUP
═════════════════

EXAMPLE: "Developer" Role

Name: Developer
Description: Standard development team member

TASK PERMISSIONS:
├── ✓ Create tasks
├── ✓ Edit own tasks
├── ✓ Edit any task (in assigned projects)
├── ✗ Delete tasks
├── ✓ Change task status
└── ✓ Add time entries

BOARD PERMISSIONS:
├── ✓ View all boards
├── ✗ Create boards
├── ✗ Edit board settings
└── ✓ Use filters

PROJECT PERMISSIONS:
├── ✓ View project settings
├── ✗ Edit project settings
├── ✗ Manage project members
└── ✗ Access sensitive data

REPORTING:
├── ✓ View team reports
├── ✗ Export data
├── ✓ View own time reports
└── ✗ View salary data
```
### Contractor/External Role

```text
CONTRACTOR ROLE CONFIG
══════════════════════

Name: Contractor
Description: External contributor with limited access

ACCESS SCOPE:
├── Projects: Only assigned projects
├── Duration: Expires on [date]
├── Hours: Time tracking required
└── Visibility: Public tasks only

PERMISSIONS:
├── ✓ View assigned tasks
├── ✓ Edit assigned tasks
├── ✓ Add time entries
├── ✓ Comment on tasks
├── ✗ View all project tasks
├── ✗ Access other projects
├── ✗ Export any data
├── ✗ Access internal discussions
└── ✗ Invite others

AUTO-ACTIONS:
├── Notify admin 7 days before expiry
├── Remove access on expiry date
├── Archive contractor's activity log
└── Reassign open tasks
```
## Team Structure

### Project Teams

```text
PROJECT TEAM CONFIGURATION
══════════════════════════

Project: Website Redesign

TEAM MEMBERS:
┌──────────────┬───────────────┬───────────┐
│ Name         │ Role          │ Access    │
├──────────────┼───────────────┼───────────┤
│ Sarah Chen   │ Project Admin │ Full      │
│ Mike Johnson │ Developer     │ Standard  │
│ Lisa Park    │ Developer     │ Standard  │
│ Tom Wilson   │ Designer      │ Standard  │
│ Jane Doe     │ Contractor    │ Limited   │
│ John Client  │ Client        │ View Only │
└──────────────┴───────────────┴───────────┘

TEAM PERMISSIONS:
├── All members see project board
├── Only admins manage settings
├── Client sees filtered view
├── Contractor access expires Apr 1
└── Notifications: All members
```
### Cross-Project Access

```text
MULTI-PROJECT ACCESS
════════════════════

User: Mike Johnson

PROJECT ACCESS:
├── Website Redesign → Developer (active)
├── Mobile App v2 → Developer (active)
├── Infrastructure → Guest (read-only)
├── Sales Pipeline → None
└── HR Project → None

ORGANIZATION ROLE: Member
├── Can join public projects
├── Can request project access
├── Cannot create projects
└── Cannot access billing
```
## Best Practices

### For Permission Setup
- Least privilege — Start minimal, add as needed
- Role-based — Assign roles, not individual permissions
- Regular audits — Review access quarterly
- Document rationale — Why each role exists
- Automate off-boarding — Remove access promptly
### Common Configurations

```text
CONFIGURATION EXAMPLES
══════════════════════

STARTUP (5-10 people):
├── 1-2 Org Admins
├── All others: Members
├── Minimal role separation
└── Trust-based model

AGENCY (10-50 people):
├── 2-3 Org Admins
├── Project Admins per client
├── Developers: Member role
├── Contractors: Limited role
└── Clients: Client role

ENTERPRISE (50+ people):
├── Dedicated Admins
├── Tiered project access
├── SSO integration
├── Audit logging
├── Compliance roles
└── Automated provisioning
```
### Anti-Patterns

```text
PERMISSION MISTAKES:
✗ Everyone is admin
✗ No role documentation
✗ Manual access management
✗ Stale contractor access
✗ No regular audits
✗ Overly complex roles
✗ Ignoring least privilege
```
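An added example, not part of this guide or of GitScrum, that implements the contractor role's auto-actions (notify the admin 7 days before expiry, remove access on the expiry date, reassign open tasks) together with two checks a quarterly audit would run against the anti-patterns above: stale contractor access and "everyone is admin". The `Membership` type, the task records, the roster and the year 2025 are constructed for the example; the roster mirrors the "Website Redesign" team shown earlier.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

NOTICE_DAYS = 7  # "Notify admin 7 days before expiry" from the contractor config

@dataclass(frozen=True)
class Membership:  # hypothetical record; not a GitScrum type
    user: str
    project: str
    role: str
    expires: Optional[date] = None  # contractors carry an expiry date, staff do not

def audit_memberships(memberships, today, admin_roles=("Org Admin", "Project Admin")):
    """Return (findings, to_revoke): findings are (kind, user, project) tuples,
    to_revoke lists memberships whose access must be removed today."""
    findings, to_revoke = [], []
    for m in memberships:
        if m.expires is None:
            continue
        days_left = (m.expires - today).days
        if days_left <= 0:  # "Remove access on expiry date" (and anything already stale)
            kind = "stale-access" if days_left < 0 else "expires-today"
            findings.append((kind, m.user, m.project))
            to_revoke.append(m)
        elif days_left <= NOTICE_DAYS:  # inside the admin notification window
            findings.append(("notify-admin", m.user, m.project))
    # Anti-pattern "Everyone is admin": every member of a shared project holds an admin role.
    by_project = {}
    for m in memberships:
        by_project.setdefault(m.project, []).append(m)
    for project, members in by_project.items():
        if len(members) > 1 and all(m.role in admin_roles for m in members):
            findings.append(("everyone-is-admin", "*", project))
    return findings, to_revoke

def reassign_open_tasks(tasks, revoked, fallback):
    """'Reassign open tasks': hand a revoked user's unfinished tasks to a fallback owner."""
    gone = {m.user for m in revoked}
    return [dict(t, assignee=fallback) if t["status"] != "done" and t["assignee"] in gone else t
            for t in tasks]

# Constructed roster: the guide's Website Redesign team plus a project where both
# members are admins, so the audit has something to flag. Year is assumed.
ROSTER = [
    Membership("Sarah Chen", "Website Redesign", "Project Admin"),
    Membership("Mike Johnson", "Website Redesign", "Developer"),
    Membership("Jane Doe", "Website Redesign", "Contractor", expires=date(2025, 4, 1)),
    Membership("Sarah Chen", "Infrastructure", "Project Admin"),
    Membership("Mike Johnson", "Infrastructure", "Org Admin"),
]
```

Running the audit on a schedule and feeding `to_revoke` into the off-boarding step is the "automate off-boarding" practice; the findings list is what a quarterly access review would start from.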