Capsule supports three user roles: Owner, Admin, and Viewer. Each role grants a different level of access — from full administrative control to read-only investigation. Roles are assigned per tenant from the user-management settings.
Capsule's role model lets security teams investigate findings and detections without exposing private end-user content. Roles control two things: which actions a user can take (configuring policies, managing users, taking responses) and whether private conversation content is visible.
| Role | Manage settings | View security findings | View private conversation content |
|---|---|---|---|
| Owner | ✅ | ✅ | All sessions |
| Admin | ❌ | ✅ | Flagged sessions only |
| Viewer | ❌ | ✅ | Always hidden |
Full administrative access. Owners manage users, configure integrations and policies, and view every session — including private conversation content. Use this role for platform owners.
Read-only access to all security findings and detections, with privileged visibility into flagged sessions — those with an active policy violation, issue, or detection. Private conversation content remains hidden on sessions that have not been flagged. This is the recommended role for SOC analysts and security investigators.
Read-only access to dashboards, posture, agent inventory, and aggregated metrics. Conversation content is always hidden. Use this role for stakeholders who need awareness without operational responsibilities.
- Sign in as an Owner.
- Go to Settings → Users.
- Click Add user, enter the email and name, then pick a role.
- To change an existing role, open the user's row and click Edit.
Only Owners can assign or change roles.
When a user without permission opens a session, conversation messages and tool input/output are replaced with a Hidden — contact a system owner for access. placeholder.
Identity fields — user email and user IDs — remain visible so investigations can still attribute activity to the right person.