Skip to content

Members and Roles

ArchNGN uses three levels of role-based access: administrative roles, user roles, and read-only roles.

Administrative roles control platform-wide access. User roles and read-only roles control what you can do within a specific workspace. Account Admins have implicit Admin access to all workspaces.

FeatureAccount AdminAccount UserAccount Viewer
Manage account settingsYesNoNo
Manage users & rolesYesNoNo
Create, edit, delete workspacesYesNoNo
Import & export workspacesYesNoNo
Create, edit, delete objects & associationsYesYesNo
Create, edit, delete integrationsYesYesNo
Run automationsYesYesNo
View jobsYesYesNo
View usageYesYesNo
View registry, explorer, reports, metamodelYesYesYes
View the audit logYesNoNo

Object and association management requires the Workspace Admin role within the specific workspace, or Account Admin access.

Under the hood, every action maps to a capability (for example workspace:write, connector:write, job:run, audit:read), and each role grants a set of capabilities. The built-in roles are cumulative: everything a Viewer can do, a User can do; everything a User can do, an Admin can do. The application checks capabilities, not role names, on every request and hides UI controls you don’t have the capability for.

Accounts can also define custom roles: a named set of capabilities tailored to your organisation (for example, a “Connector Operator” who can manage connectors but not members). Custom roles are scoped to your account and never visible to other tenants. Contact support@archngn.com if you need a custom role configured.