Docs / Permissions and Roles

Reference

Use permissions to separate payout setup, review, and administration

Permissions help keep payout calculations self-service without giving every teammate access to sensitive setup, billing, or API-key controls.

Details

What to know

Permission principle

Give users the access they need for their workflow and keep administration, billing, and automation credentials limited to trusted workspace operators.

  • Owners control billing actions, owner access, and the full workspace permission surface.
  • Admins can manage team access, settings, API keys, integrations, setup data, calculations, statements, exports, and audit review, but they cannot grant Owner access, change/remove Owner memberships, or manage billing.
  • Finance operators can manage imports, sources, buckets, products, mappings, payees, rules, calculations, statements, exports, billing/invoice review, and audit review without receiving API-key, integration, team, or billing-action access.
  • Viewers can inspect in-app ledger evidence but cannot mutate setup, run calculations, download/export financial artifacts, deliver statements, view billing, or manage credentials.
  • Developers should use scoped API keys for server-side automation rather than personal login sessions.

Ability boundaries

Allocora maps each role to explicit abilities so sensitive actions are narrower than general workspace access.

  • Billing checkout, plan changes, cancellation, and resume actions are Owner-only.
  • API key creation, API key revocation, Stripe credentials, and integration controls are limited to Owners and Admins.
  • Export downloads, payout previews, reconciliation CSV exports, raw revenue CSV exports, statement downloads, share URLs, and statement emails require Owner, Admin, or Finance access.
  • Viewer access is read-only inside the application and excludes artifact download or delivery actions.

Inviting teammates

Owners and admins can invite teammates from the Team page without support intervention. Invitation emails are sent through the configured mail channel and must be accepted by the invited email address.

  • Pending invitations show their role, sender, sent date, expiry date, and current state.
  • Pending unexpired invitations can be resent or revoked by users who can manage the team.
  • Accepted, expired, and revoked invitations remain visible so workspace administrators can understand access history.
  • Admins can invite admin, finance, or viewer users; only owners can invite another owner.
  • Only owners can change or remove an owner membership.

Switching workspaces

Users who belong to more than one workspace can switch the active workspace from the account header. Allocora then scopes account pages, permissions, imports, calculations, exports, and audit views to the selected workspace.

  • Only workspaces where the user has an active membership are available in the switcher.
  • The current workspace is clearly marked and cannot be selected again.
  • After switching, Allocora returns to the dashboard to avoid using a detail page from the previous workspace.

Operational boundary

Permissions protect the calculation and evidence workflow. They do not authorize bank transfers, KYC, AML checks, or payout-rail execution inside Allocora.

  • Keep payment approval controls in the downstream payout or accounting system.
  • Use Allocora audit history to explain who changed setup or review state.
  • Rotate API keys when an integration owner changes.

Reference Tables

Fields and checks

Recommended access model

Use this table as a starting point when assigning workspace access.

User type Typical access Review note
Workspace owner Full workspace access, including billing actions, owner access, API keys, integrations, and operational workflows. Limit to people accountable for workspace administration and subscription control.
Workspace admin Team/settings/API keys/integrations plus operational setup, calculations, statements, exports, and audit review. Use for trusted operators who administer the workspace but should not control billing or Owner role grants.
Finance operator Revenue imports, mappings, rules, calculation runs, statement delivery, exports, billing/invoice viewing, and audit review. Use for users who perform close work without credential or billing-action access.
Reviewer/viewer In-app read-only access to ledger setup, calculations, statements, reports, and audit evidence. Use when a second person reviews evidence but should not export or deliver artifacts.
Developer Scoped API keys and API reference workflows. Use server-side keys and rotate them when access changes. Only Owners/Admins create or revoke keys.

Feedback

Was this page helpful?

Send a note if a step is unclear, missing, or out of date.

Email Support

Apply this in a workspace

Start free, use sample data, then replace examples with your own revenue rows when the workflow is clear.