User Roles and Permissions
Learn how to manage team access and control permissions in MovaBase
User Roles and Permissions
MovaBase provides a comprehensive role-based access control system that allows you to manage team permissions at both organization and project levels. This guide covers everything you need to know about managing user roles and permissions.
Overview
NEEDS_MEDIA
The role-based access control system allows you to:
- Granular Permissions: Control access at different levels (organization and project)
- Role Hierarchy: Clear hierarchy of access levels (Owner > Admin > Developer > Viewer)
- Team Collaboration: Invite team members with specific roles
- Security: Secure access control with email-based invitations
- Flexible Management: Easily update roles and permissions as your team evolves
- Organization Isolation: Separate permissions per organization and project
MovaBase uses a two-level permission system. Organization roles control access to organizations and billing, while project roles control access to specific translation projects and their content.
Understanding Roles
Role Types
MovaBase supports four distinct user roles, each with specific permissions:
| Role | Organization Permissions | Project Permissions | Best For |
|---|---|---|---|
| Owner | Full control over all settings and billing | Full control over all projects and settings | Organization founders, executives |
| Admin | Manage projects, team members, and settings | Manage project settings, team, and translations | Team leads, project managers |
| Developer | View projects | View and edit translations in assigned projects | Translators, developers working on translations |
| Viewer | View projects | Read-only access to view translations | Stakeholders, QA, content reviewers |
Roles are assigned per user and per context. A user can be an Owner of one organization but only a Developer in another project within the same organization.
Role Hierarchy
The role hierarchy determines the level of access:
- Owner: Highest level of access
- Admin: Can manage but not delete organizations
- Developer: Can edit but not manage project settings
- Viewer: Read-only access
Managing Team Members
Inviting Team Members
Access Team Management
Navigate to team management in your organization:
- Go to your organization
- Click on "Team" or "Members" tab
- You'll see current team members list
- Click "Invite" button to add new members
Enter Email Address
Provide the email of the person you want to invite:
- Enter valid email address
- Email must be unique and not already registered
- Use professional email addresses
- One email per invitation
You can invite multiple team members at once by sending separate invitations. Each member will receive their own invitation email.
Select Role
Choose the appropriate role for the team member:
- Owner: Full control (use sparingly)
- Admin: Manage projects and team
- Developer: Work on translations
- Viewer: Read-only access
Start with lower access levels (Developer or Viewer) and promote to higher roles as team members prove themselves. You can always promote them later.
Send Invitation
Generate and send the invitation:
- Click "Send Invitation" button
- Unique invitation link is generated
- Email is sent to the team member
- Copy invitation link if needed
The invitation link expires after a set period. Team members need to accept the invitation before it expires.
NEEDS_MEDIA
Invitation Acceptance Process
Managing Roles
Viewing Current Roles
Check and update roles for team members:
Access Member List
View all team members and their roles:
- Go to Team/Members section
- Each member shows their assigned role
- Members are sorted by role (higher roles first)
- See member details including name and email
Select Member
Click on a team member to manage their role:
- Access role management options
- Current role is displayed
- Available roles are shown based on your permissions
- Actions available depend on your role vs their role
You can only assign roles equal to or lower than your own role. Owners can assign any role, but cannot be demoted.
Update Role
Change the member's role as needed:
- Select new role from dropdown
- Confirm the change
- Role change takes effect immediately
- Member receives notification of role change
Be careful when reducing access levels. Consider the member's responsibilities before demoting them.
Remove Team Member
Remove a member from the organization:
- Click "Remove" button next to member
- Confirm removal when prompted
- Member loses all access to organization and projects
- Member is removed from all projects
Removing a team member is permanent. They'll need a new invitation to rejoin if needed.
NEEDS_MEDIA
Role Assignment Best Practices
Organization vs. Project Roles
MovaBase distinguishes between organization-level and project-level permissions.
Organization-Level Permissions
These permissions apply to the entire organization:
Project-Level Permissions
These permissions apply to specific projects within an organization:
Security Considerations
Access Control Best Practices
Follow these best practices to maintain secure access control:
Secure Invitation Process
- Verify email addresses before sending invitations
- Use unique invitation links (one-time use)
- Set appropriate expiration times
- Monitor invitation acceptance
- Revoke unused invitations
Invitation links expire after a set period. Team members must accept before expiration, and you can resend if needed.
Responsible Role Assignment
- Assign roles based on responsibilities, not tenure
- Document role decisions for transparency
- Review role assignments quarterly
- Use principle of least privilege
- Create clear role descriptions
Regular Security Reviews
- Audit team member access monthly
- Review inactive accounts quarterly
- Remove unnecessary permissions promptly
- Update documentation as roles evolve
- Conduct security training for new members
Revoking Access
Troubleshooting
Common Issues
| Issue | Cause | Solution |
|---|---|---|
| Cannot invite member | Insufficient permissions | You must be Owner or Admin to invite |
| Cannot change role | Role hierarchy violation | You can only assign roles equal to or lower than yours |
| Member not receiving emails | Email delivery issue | Verify email address and check spam folder |
| Invitation expired | Time limit exceeded | Resend invitation with new link |
| Cannot remove member | Protected account | Only Owner can remove members |
If you're experiencing persistent access issues, check your current role and verify you have the necessary permissions for the action you're trying to perform.
Best Practices
Team Organization
- Start with Clear Structure: Define roles and responsibilities before inviting team members
- Use Principle of Least Privilege: Grant minimum necessary permissions
- Document Everything: Keep records of role assignments and decisions
- Regular Reviews: Audit roles and permissions quarterly
- Promote from Within: Recognize reliable team members before giving higher access
- Plan for Scale: Establish role structure that can grow with your organization
Role-Based Workflows
Next Steps
Now that you understand user roles and permissions, you can:
- Manage Profile Settings: Customize your account preferences and security
- Explore More Features: Learn about advanced MovaBase capabilities
- Set Up Integrations: Configure Bitbucket and API access
- Start Using MovaBase: Begin managing your translations effectively
Part 13 of 14 • User Roles and Permissions Complete
Next: Profile and Account Settings