Overview
Bi369 AI uses role-based access control (RBAC). Every team member is assigned a role that determines their permissions across all modules. You can use the built-in roles or create custom roles on Pro and Enterprise plans.
Built-in roles
| Role | Can manage billing | Can manage users | Module access | |---|---|---|---| | Owner | ✓ | ✓ | Full | | Admin | — | ✓ | Full | | Manager | — | — | Full (assigned modules) | | Member | — | — | Edit own records | | Viewer | — | — | Read-only |
Changing a team member's role
- Go to Settings → Team Members
- Find the team member
- Click the role badge next to their name
- Select a new role from the dropdown
- The change takes effect immediately
Creating custom roles (Pro & Enterprise)
- Go to Settings → Roles
- Click New role
- Give the role a name and description
- Configure permissions for each module:
- Full access — create, read, update, delete
- Edit — create, read, update (no delete)
- View — read-only
- No access — module hidden
- Click Save
You can then assign this custom role to team members.
Module-level overrides
In addition to the base role, you can restrict a team member to specific divisions (organisational units). For example, a Manager might have full access only to the "Sales" division, not HR or Finance.
Set this in Settings → Team Members → [Member] → Division access.
Auditing permission changes
All role and permission changes are logged in Settings → Audit Log. Each entry shows:
- Who made the change
- What changed
- When it happened
Related articles
- Inviting team members
- Audit log
- Division and department setup