Roles and permissions inside Teams
Permissions meaningfully change what a user can create, approve, see, or manage.
If your organization uses Teams, not every user works with the same scope. The extension distinguishes between owner, admin, editor, and viewer.
Understanding this avoids common confusion such as not being able to publish shared content, seeing a read-only vault, or not finding content that does exist in another department.
Role summary
| Role | What it can do | What to remember |
|---|---|---|
| Owner | Manages the entire organization, billing, departments, isolation rules, trash emptying, and overall team governance. | This is the profile with the broadest operational scope and the only one with certain irreversible actions. |
| Admin | Manages shared content, approvals, company variables, broadcasts, and invitations. | Can edit and approve far more than an editor, even if billing or seat management is sometimes reserved for the owner. |
| Editor | Creates and edits working content inside the shared workspace. | In workspaces with approvals enabled, what they publish may stay pending until it is reviewed. |
| Viewer | Consults shared content and inserts resources where access is allowed. | Usually lives in a read-only experience and does not create or modify resources in the common workspace. |
Scope across departments
When the company enables strict isolation, regular users only see content from their own department or from the general segment. Owner and Admin usually keep broader visibility for supervision and workspace governance.
If the team enters a frozen state, the experience can become read-only even for profiles that would normally edit. If something does not appear, do not assume it was deleted: it may be outside your reach because of role, department, or approval status.