> ## Documentation Index
> Fetch the complete documentation index at: https://docs.voqo.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Roles and Permissions

> Understand organisation and workspace roles, what each one can do, and how to invite and manage your team.

## What this covers

Voqo has two levels of access: your **organisation** (your whole business — billing, members, and workspaces) and each **workspace** inside it (where the day-to-day work happens — agents, contacts, calls, knowledge base, integrations, and campaigns).

Everyone on your team has **one organisation role** and, for each workspace they belong to, **one workspace role**. The two are independent: what you can do *inside* a workspace depends on your workspace role, and what you can do at the *organisation* level depends on your organisation role.

This guide explains both, so you always know who can do what — and why an action might be blocked.

## Organisation roles

Your organisation has three roles. They control billing, members, and the workspaces themselves.

| Role        | What they can do                                                                                                                                                                                                                                                                                      |
| ----------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Owner**   | The single owner of the organisation. Everything an admin can do, **plus** manage billing — the subscription, payment method, and the Stripe billing portal. There is exactly one owner per organisation.                                                                                             |
| **Admin**   | Invite and remove organisation members, set member roles, and create or delete workspaces. Admins are **automatically admins of every workspace** in the organisation (see below). They can **view** billing and usage, but cannot **manage** the subscription or payment method — that's owner only. |
| **Regular** | A standard organisation member. They have **no access to any workspace** until they're explicitly added to one. Once added, what they can do there depends on the workspace role you give them.                                                                                                       |

**Viewing** billing — your subscription plan, usage, and credit meter — is open to **every member** of your organisation, so anyone can see what plan you're on and how much you're using. **Managing** billing — changing the payment method, subscribing, switching plans, cancelling, or opening the Stripe billing portal — is reserved for the organisation **owner**, because your payment details are shared across the whole organisation.

## Organisation admins are admins of every workspace

When someone is an **owner** or **admin** of your organisation, they are automatically made an **admin of every workspace** — both the ones you have today and any new workspace created later. You don't need to add them one by one.

This is the same model used by the major platforms your team already knows, and it means the people responsible for your organisation can always step into any workspace to help, without waiting to be invited.

An organisation admin is a **full admin of every workspace** — not just for managing members and settings, but for everything a workspace admin can do. Their organisation role always takes precedence, so nothing on their workspace row can limit them.

A few things worth knowing:

* This applies to **accepted** members only. Someone with a pending invitation isn't added to workspaces until they accept.
* If someone was already given a specific workspace role **before** becoming an organisation admin, that row is kept — but it never limits them. While they remain an organisation admin they have full admin access in that workspace regardless of what the row says.
* **You can't lower an organisation admin's workspace role from a workspace's member list — not your own, and not another organisation admin's.** Because they're an admin of every workspace, the workspace role control is read-only for them. To genuinely reduce what an organisation admin can do in workspaces, change their **organisation** role first (admin → regular). A workspace admin who is only an organisation *regular* can still be changed normally.

## Workspace roles

Inside each workspace, every member has one of three roles.

| Role       | What they can do                                                                                                                                                                                                                                          |
| ---------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Admin**  | Everything a member can do, **plus** manage the workspace's members (invite, change roles, remove) and update workspace settings.                                                                                                                         |
| **Member** | Full day-to-day access. Create, edit, and delete agents, contacts, calls, knowledge base items, integrations, API keys, campaigns, uploads, and batch jobs. The **only** things a member can't do are manage other members and change workspace settings. |
| **Viewer** | **Read-only.** Can open and read everything in the workspace but cannot make any changes.                                                                                                                                                                 |

### Member = full day-to-day work

A **member** is a fully productive member of the workspace. They can do all the everyday work — set up and edit agents, manage contacts and call logs, connect integrations, manage API keys, run campaigns and batch jobs, and delete records.

The line between a member and an admin is narrow and deliberate: only **managing other members** and **changing workspace settings** are admin-only. Everything else is open to members.

### Viewer = read-only

A **viewer** can see everything in a workspace but cannot change anything. This is the right role for someone who needs visibility — to review calls, check contacts, or audit activity — without the ability to edit.

A few things to expect as a viewer, so nothing comes as a surprise:

* **You see the same screens as everyone else.** The interface isn't stripped down — buttons and menus look the same.
* **Write actions are blocked when you try them.** If you attempt to edit, create, or delete something, the action is declined with a short message explaining that viewers have read-only access. Nothing is changed.
* **This applies to everything** — editing a contact, updating an agent, deleting a call, connecting an integration, buying a number, and so on. If it changes data, a viewer can't do it.

If you're a viewer and you need to make changes, ask a workspace **admin** (or an organisation admin) to either give you a higher role or make the change for you.

## Changing your own role

You can **step yourself down** to a lower role where doing so genuinely reduces your access — but you can never promote yourself. Raising a role is always done by someone who already has the authority to grant it.

* **Organisation admin → regular.** On the organisation members table you can lower **your own** role from admin to regular. To become an admin again, another organisation admin or the owner grants it back. Stepping down at the organisation level does **not** remove you from any workspace — you keep the workspace roles you already hold.
* **Workspace admin → member or viewer.** Whether you can lower your own workspace role depends on your **organisation** role. If you're an organisation **regular**, your workspace admin access is just a workspace assignment, so you can step yourself down on that workspace. If you're an organisation **admin**, you're an admin of every workspace by virtue of your organisation role — so the workspace role control on your own row is read-only, since lowering it would change nothing. To genuinely step down there, lower your **organisation** role first (admin → regular), then change your role in that specific workspace.

Two roles are **anchors** and are shown as a fixed **badge** rather than a dropdown, on your row and everyone else's:

* The **organisation owner** — the single billing-responsible owner.
* The **workspace owner** — the person who created the workspace.

Neither can be changed or removed from the settings screens, including by the owner themselves. To move ownership of an organisation or a workspace, contact <a href="mailto:support@voqo.ai?subject=Transfer ownership">support</a>.

You also can't **remove yourself** from an organisation or a workspace from these screens — only your role can be lowered. Ask another admin if you need to be removed entirely.

## Buying and removing numbers

Buying a new phone number or releasing an existing one is an **organisation-level** action, reserved for an organisation **owner** or **admin** — even though numbers live inside a workspace.

This is because a number adds recurring cost to your organisation's shared subscription, so provisioning it is a spend decision for the people who run your organisation.

* An organisation **owner** or **admin** can buy or release a number in any workspace.
* A workspace **admin** who isn't also an organisation admin **can't** buy or release a number. If they try, they're told to contact an organisation admin or owner — everything else in the workspace (agents, contacts, settings, members) is still theirs to manage.
* Buying a number needs an **active subscription**. If your organisation doesn't have one yet, your organisation **owner** sets it up first (managing the subscription is owner-only). When an admin buys a number, it's simply added to the subscription that's already in place.

## How to invite people

Joining is **organisation-first**: a person joins your **organisation**, and from there you give them access to specific workspaces. There is no way to invite someone straight into a single workspace — and that's deliberate, because it keeps access simple and predictable.

**Step 1 — Invite them to the organisation.**

1. Go to your **organisation settings**.
2. Send an email invitation, choosing whether they join as a **regular** member or an **admin**.
3. They receive an email link and accept it to join.

**Step 2 — Give them workspace access.**

* If you invited them as an **admin**, they're automatically an admin of every workspace — there's nothing more to do.
* If you invited them as a **regular** member, add them to each workspace they need, choosing their workspace role (**admin**, **member**, or **viewer**) as you do.

That's the whole flow: join the organisation, then get added to workspaces.

## Removing someone

There are two different removals, and they behave differently — choose the one that matches what you want.

**Remove from a single workspace**

* Removes them from **just that workspace**.
* They stay in your organisation and keep access to any other workspaces they belong to.
* Use this when someone should no longer work in one particular workspace.
* **Organisation admins can't be removed from a single workspace** — they're a member of every workspace by virtue of their organisation role. To take an organisation admin out of a workspace, lower their organisation role to **regular** first, or remove them from the organisation entirely (below).

**Remove from the organisation**

* Removes them from your organisation **and from every workspace in it**.
* Use this when someone leaves the business entirely.

If the person you're removing from the organisation is the **only admin of a workspace**, Voqo will ask you to **assign another admin to that workspace first**. This protects you from accidentally leaving a workspace with nobody in charge. Once you've assigned a replacement, the removal completes.

## Who can see the member list

The **organisation members** list is an admin view. An organisation **owner** or **admin** sees everyone in the organisation; a **regular** member sees only their own entry there. This keeps the member roster with the people who manage it.

Workspace member lists work differently — inside a workspace, **everyone in that workspace can see their co-members**, so you always know who you're working alongside.

## Why an action might be blocked

If you or a teammate can't do something, it's almost always one of these:

* **Wrong workspace role.** Viewers can't write; members can't manage other members or change workspace settings. Ask a workspace or organisation admin to adjust the role.
* **Managing billing is owner-only.** Any member can view the plan and usage, but only the organisation **owner** can change the subscription, payment method, or open the billing portal.
* **Not yet added to the workspace.** An organisation **regular** member has no access to a workspace until they're added to it.
* **Wrong workspace selected.** Confirm you're in the workspace you think you are before retrying.

If access still isn't behaving as you expect after checking the above, contact <a href="mailto:support@voqo.ai?subject=Roles and permissions help">support</a> with your workspace name, the action you tried, and your role.

## Related docs

* [Settings Admin Controls](settings-admin-controls)
* [Admin and Billing Overview](admin-and-billing-overview)
* [Manage Billing and Subscription](manage-billing-and-subscription)
* [Plan and Permission Matrix](../admin/plan-and-permission-matrix)
