How to read this table
- Yes — the role can do this anywhere within its scope.
- No — not available to this role.
- Conditional — allowed only in specific situations.
- “Resource” means any shareable item: dashboard, data source, file, folder, chat, or agent.
Capability matrix
| Action | Org Owner | Org Admin | Dept Admin | Dept Manager | Dept Employee (Member) |
|---|---|---|---|---|---|
| Create resources | Yes | Yes | Yes | Yes | Conditional — must belong to a department |
| View own resources | Yes | Yes | Yes | Yes | Yes |
| View resources shared with you | Yes | Yes | Yes | Yes | Yes |
| View others’ personal resources (admin view) | Yes | Yes | No | No | No |
| Share as Viewer | Conditional | Conditional | Conditional | Conditional | Conditional |
| Share as Editor | Conditional | Conditional | Conditional | Conditional | Conditional |
| Edit a resource shared with you | Conditional — only if Editor or owner | Conditional | Conditional | Conditional | Conditional |
| Delete / move resource to Trash | Conditional — owner | Conditional | Conditional | Conditional — owner only | Conditional — owner only |
| Restore from Trash | Conditional — within 3-day window | Conditional | Conditional | Conditional | Conditional |
| Transfer resource ownership | Conditional — current owner only | Conditional | Conditional | Conditional | Conditional |
| Manage department members | Yes | Yes | Conditional — own department | No | No |
| Create / edit departments | Yes | Yes | No | No | No |
| Invite org members | Yes | Yes | No | No | No |
| Remove org members | Yes | Yes | No | No | No |
| Toggle org-wide external sharing | Yes | Yes | No | No | No |
| Manage billing (plans, budgets, payment) | Yes | Yes | No | No | No |
| Curate AI models & tools | Yes | Yes | No | No | No |
| View audit log / implicit-access feed | Yes | Yes | No | No | No |
Notes on the conditional cells
- Sharing and editing depend on your relationship to the specific resource. You can only share at or below your own level. External sharing requires the org-wide external-sharing toggle to be on.
- External users are always view-only and can never re-share.
- Delete, restore, and transfer ownership are tied to being the resource’s owner.
- Admin view (implicit access) requires acknowledgement and is audited every use.
- Creating resources requires department membership.
- Department Managers cannot manage members or create departments.