Role hierarchy
LumenFlow uses a role-based access control (RBAC) model:
| Role | Governance | Connections | Conversations | Billing |
|---|---|---|---|---|
| Owner | Full | Full | Full | Full |
| Admin | Create/edit rules | Add/remove | View all | View |
| Member | View rules | Use existing | Own only | — |
| Viewer | View rules | — | View assigned | — |
Permission details
Governance permissions
| Action | Owner | Admin | Member | Viewer |
|---|---|---|---|---|
| Create rules | Yes | Yes | — | — |
| Edit rules | Yes | Yes | — | — |
| Delete rules | Yes | — | — | — |
| View rules | Yes | Yes | Yes | Yes |
Connection permissions
| Action | Owner | Admin | Member | Viewer |
|---|---|---|---|---|
| Add connection | Yes | Yes | — | — |
| Remove connection | Yes | Yes | — | — |
| Use in Sidekick | Yes | Yes | Yes | — |
| View connections | Yes | Yes | Yes | Yes |
Enterprise governance overlays
Enterprise trust adds org-scoped reviewer and admin posture on top of workspace roles. Those reviewers act on the same approval and evidence flow as the workspace, rather than through a separate enterprise-only runtime.
Best practices
- Use the principle of least privilege — give users the minimum access they need
- Review role assignments quarterly
- Separate day-to-day workspace roles from enterprise reviewer posture so sensitive approvals stay with the right audience
Warning: Only Owners can modify billing settings and delete the workspace. Ensure at least two people have the Owner role.
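
A quarterly role review along the lines of the best practices above can be scripted. The following is an added example, not LumenFlow code: it transcribes the governance and connection tables plus the Owner-only actions from the warning, then suggests the lowest role that covers each user's observed actions while never leaving fewer than two Owners. The action identifiers, user names, and usage data are assumptions constructed for illustration.

```python
ROLES = ["Viewer", "Member", "Admin", "Owner"]  # least to most privileged

# Hypothetical action names, transcribed from the permission tables and warning above.
_VIEWER = {"view_rules", "view_connections"}
_MEMBER = _VIEWER | {"use_in_sidekick"}
_ADMIN = _MEMBER | {"create_rules", "edit_rules", "add_connection", "remove_connection"}
_OWNER = _ADMIN | {"delete_rules", "modify_billing", "delete_workspace"}
ALLOWED = dict(zip(ROLES, [_VIEWER, _MEMBER, _ADMIN, _OWNER]))
MIN_OWNERS = 2  # "Ensure at least two people have the Owner role"

def minimal_role(actions):
    """Lowest role covering every observed action (no activity maps to Viewer)."""
    for role in ROLES:
        if set(actions) <= ALLOWED[role]:
            return role
    raise ValueError(f"actions not in the permission tables: {set(actions) - _OWNER}")

def review(assignments, usage):
    """Return (downgrades, warnings) for a {user: role} map and {user: [actions]} log."""
    owners = [u for u, r in assignments.items() if r == "Owner"]
    warnings = []
    if len(owners) < MIN_OWNERS:
        warnings.append(f"only {len(owners)} Owner(s); at least {MIN_OWNERS} expected")
    remaining_owners = len(owners)
    downgrades = {}
    for user, role in sorted(assignments.items()):
        needed = minimal_role(usage.get(user, ()))
        have, need = ROLES.index(role), ROLES.index(needed)
        if need > have:
            # Activity beyond the assigned role points at an enforcement gap.
            warnings.append(f"{user} ({role}) performed actions that require {needed}")
        elif need < have:
            if role == "Owner":
                if remaining_owners <= MIN_OWNERS:
                    continue  # keep this Owner so the workspace retains two
                remaining_owners -= 1
            downgrades[user] = (role, needed)
    return downgrades, warnings

# Constructed sample data (not from the page).
ASSIGNMENTS = {"alice": "Owner", "bob": "Owner", "carol": "Owner",
               "dave": "Admin", "erin": "Member", "frank": "Viewer"}
USAGE = {
    "bob": ["modify_billing"],
    "dave": ["view_rules", "use_in_sidekick"],
    "erin": ["use_in_sidekick"],
    "frank": ["add_connection"],
}
if __name__ == "__main__":
    print(review(ASSIGNMENTS, USAGE))
```

The suggested downgrades are review candidates for a human approver; a user with no recorded activity may simply be a standby Owner.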