Roles and permissions
Overview
Roles group permissions that control what a teammate can read or manage. Navigation and actions are permission-aware, so users may see different KiloBot screens inside the same workspace. Define responsibility first, then pick the smallest role that covers the work.
Start with responsibility
Define what each teammate must do before choosing a role. Common responsibilities include:
- Work in Inbox and Contacts
- Manage Calendar and Availability
- Create Services and Workflows
- Configure Agent Setup, Workflow, Knowledge Base, and Channels
- View Analytics and workspace Usage
- Invite members or edit roles
Separate read access from management access where the role editor allows it. A teammate who needs to view Analytics may not need permission to change routing or publish an agent configuration.
Use built-in and custom roles
Assign the broadest authority only where it is required, then narrow access for daily operators.
- Open Settings → Teams to review available roles.
- Assign workspace owners the broadest authority.
- Give administrators operational and configuration access as needed.
- Give members the narrower access needed for daily work.
When custom roles are available, name them after responsibility, such as "Inbox operator" or "Booking manager," rather than after one person.
Test a role
After changing a role, confirm the teammate sees the right pages and cannot reach sensitive controls.
- After changing a role, confirm the teammate can open every required page.
- Verify they can perform the needed action.
- Confirm that sensitive controls they should not manage are absent or disabled.
Permissions can affect Agent Setup, routing, channels, customers, broadcasts, bookings, analytics, and team administration. A redirect or missing action may be intentional when access is not granted.
Maintain access
Remove broad temporary access once setup or an incident is complete.
- Review membership and roles regularly.
- Remove unused roles.
- Revoke access when someone leaves.
- Reduce broad temporary access after a setup or incident is complete.
Do not use shared user accounts to avoid permission setup. Individual membership provides clearer responsibility and safer access removal.