Roles and Permissions
GitScrum Studio uses role-based access control to manage what team members can see and do. Understanding the role hierarchy helps you assign appropriate access levels and maintain security.
Role Hierarchy
GitScrum has four primary roles, each with different permission levels:
| Role | Access Level | Typical Use |
|---|---|---|
| Agency Owner | Full access | Business owners, account administrators |
| Manager | Project & team management | Project managers, team leads |
| Developer | Task & content work | Engineers, designers, contributors |
| Client | Limited view access | External clients, stakeholders |
Agency Owner
The Agency Owner role has unrestricted access to all workspace features. This role should be assigned sparingly to people responsible for the business and account administration.
Full Permissions
- Create, edit, and delete workspaces
- Manage billing and subscription
- Add and remove all team members
- Assign any role to members
- Access all projects regardless of privacy
- Delete any content
- Configure integrations and API access
- View all financial data (invoices, revenue)
- Manage ClientFlow clients
Use Case
Assign Agency Owner to:
- Business owners
- Account administrators
- Senior partners with full responsibility
Limitations
There must always be at least one Agency Owner per workspace. You cannot demote yourself if you're the only owner.
Manager
Managers have broad access to projects and team members but cannot modify workspace-level settings or billing.
Permissions
| Area | Can Do | Cannot Do |
|---|---|---|
| Projects | Create, edit, archive | Delete permanently |
| Tasks | Full CRUD | — |
| Team | Add/remove members | Change Agency Owners |
| Clients | View and manage | Delete clients with invoices |
| Reports | Access all reports | Export financial data |
| Settings | Project settings | Workspace billing/danger zone |
Use Case
Assign Manager to:
- Project managers
- Team leads
- Department heads
- Senior team members needing oversight
Developer
Developers can work on tasks and contribute content but have limited administrative capabilities.
Permissions
| Area | Can Do | Cannot Do |
|---|---|---|
| Tasks | Create, edit, comment | Delete others' tasks |
| Projects | View assigned projects | Create new projects |
| Time | Log own time | Edit others' time |
| Wiki | Create and edit pages | Delete pages |
| Documents | Upload and manage | Delete others' files |
| Sprints | View and update status | Create/manage sprints |
Use Case
Assign Developer to:
- Software engineers
- Designers
- QA engineers
- Content creators
- General contributors
Client
Clients have read-only access to specific information shared with them. This role is for external stakeholders who need visibility without edit capabilities.
Permissions
| Area | Can Do | Cannot Do |
|---|---|---|
| Projects | View assigned projects | View other projects |
| Tasks | View tasks | Create or edit tasks |
| Invoices | View own invoices | See internal pricing |
| Proposals | Approve/reject proposals | Create proposals |
| Comments | Read discussions | Participate in discussions |
| Portal | Access client portal | Access main application |
Use Case
Assign Client to:
- External customers
- Stakeholders needing project visibility
- Vendors tracking deliverables
Client Portal
Clients access GitScrum through a separate portal interface. See ClientFlow for portal configuration.
Permission Matrix
Detailed breakdown by feature:
Workspace
| Action | Owner | Manager | Developer | Client |
|---|---|---|---|---|
| View workspace | ✓ | ✓ | ✓ | ✓ |
| Edit settings | ✓ | — | — | — |
| Manage billing | ✓ | — | — | — |
| Delete workspace | ✓ | — | — | — |
| Invite members | ✓ | ✓ | — | — |
Projects
| Action | Owner | Manager | Developer | Client |
|---|---|---|---|---|
| View all projects | ✓ | ✓ | assigned | assigned |
| Create projects | ✓ | ✓ | — | — |
| Edit project settings | ✓ | ✓ | — | — |
| Delete projects | ✓ | — | — | — |
| Archive projects | ✓ | ✓ | — | — |
Tasks
| Action | Owner | Manager | Developer | Client |
|---|---|---|---|---|
| View tasks | ✓ | ✓ | ✓ | ✓ |
| Create tasks | ✓ | ✓ | ✓ | — |
| Edit any task | ✓ | ✓ | own | — |
| Delete tasks | ✓ | ✓ | own | — |
| Assign tasks | ✓ | ✓ | ✓ | — |
Time Tracking
| Action | Owner | Manager | Developer | Client |
|---|---|---|---|---|
| Log time | ✓ | ✓ | ✓ | — |
| View own time | ✓ | ✓ | ✓ | — |
| View team time | ✓ | ✓ | — | — |
| Edit any time entry | ✓ | ✓ | — | — |
| Delete time entries | ✓ | ✓ | own | — |
ClientFlow
| Action | Owner | Manager | Developer | Client |
|---|---|---|---|---|
| View clients | ✓ | ✓ | — | own |
| Create clients | ✓ | ✓ | — | — |
| Create invoices | ✓ | ✓ | — | — |
| Record payments | ✓ | — | — | — |
| Delete clients | ✓ | — | — | — |
Changing Roles
Promoting Members
Agency Owners can change any member's role through the Team section:
- Go to Team > Members
- Click the member's row
- Select new role from dropdown
- Changes apply immediately
Demoting Members
When demoting someone from Manager to Developer:
- They lose access to admin features
- Project access may be reduced
- Existing work remains intact
Removing Agency Owners
To remove someone as Agency Owner:
- At least one other Agency Owner must exist
- You cannot remove yourself if you're the last owner
- Transfer ownership before removing
Project-Level Overrides
Beyond workspace roles, projects can have specific member assignments:
Project Visibility
- Private: Only assigned members see the project
- Public: All workspace members see the project
Project Members
Even with a Developer workspace role, someone must be added to a private project to access it.
Best Practices
Principle of Least Privilege
Assign the minimum role needed for someone's responsibilities. Most team members should be Developers unless they need management capabilities.
Regular Audits
Periodically review role assignments:
- Remove access for departed team members
- Verify Agency Owners are appropriate
- Check project assignments for contractors
Client Access
- Create dedicated client accounts
- Never share internal team credentials
- Use the Client Portal for external access
Documentation
Keep a record of who has what access and why, especially for compliance-sensitive workspaces.
Troubleshooting
"I can't see a project"
- Check if you're assigned to the project
- Ask a Manager to add you if it's private
- Verify your workspace role
"Button is disabled"
- Your role may not have that permission
- Check the permission matrix above
- Contact your workspace administrator
"Client can't log in"
- Verify portal access is enabled
- Check the client's password is set
- Confirm correct login URL
How to Report a Problem or Request a Feature
If you encounter access issues or need custom permission configurations, submit feedback through GitScrum Studio. In the Sidebar, click on Support Tickets and open a ticket.