# User Roles & Permissions

Capsule supports three user roles: Owner, Admin, and Viewer. Each role grants a different level of access — from full administrative control to read-only investigation. Roles are assigned per tenant from the user-management settings.

## Overview

Capsule's role model lets security teams investigate findings and detections without exposing private end-user content. Roles control two things: which actions a user can take (configuring policies, managing users, taking responses) and whether private conversation content is visible.

## Roles

| Role | Manage settings | View security findings | View private conversation content |
| --- | --- | --- | --- |
| **Owner** | ✅ | ✅ | All sessions |
| **Admin** | ❌ | ✅ | Flagged sessions only |
| **Viewer** | ❌ | ✅ | Always hidden |

### Owner

Full administrative access. Owners manage users, configure integrations and policies, and view every session — including private conversation content. Use this role for platform owners.

### Admin

Read-only access to all security findings and detections, with privileged visibility into **flagged sessions** — those with an active policy violation, issue, or detection. Private conversation content remains hidden on sessions that have not been flagged. This is the recommended role for SOC analysts and security investigators.

### Viewer

Read-only access to dashboards, posture, agent inventory, and aggregated metrics. Conversation content is always hidden. Use this role for stakeholders who need awareness without operational responsibilities.

## How to assign a role

1. Sign in as an **Owner**.
2. Go to **Settings → Users**.
3. Click **Add user**, enter the email and name, then pick a role.
4. To change an existing role, open the user's row and click **Edit**.

Only Owners can assign or change roles.

## Redaction behavior

When a user without permission opens a session, conversation messages and tool input/output are replaced with a `Hidden — contact a system owner for access.` placeholder. Identity fields — user email and user IDs — remain visible so investigations can still attribute activity to the right person.
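
A model of the role table and the redaction rule above, as an added example rather than Capsule's own code. The session dictionary layout, the field names, and the deny-by-default handling of unrecognized roles are assumptions, and the sample sessions are constructed.

```python
from copy import deepcopy

PLACEHOLDER = "Hidden — contact a system owner for access."

# Private content fields inside a message (field names are assumptions).
PRIVATE_FIELDS = ("content", "tool_input", "tool_output")


def is_flagged(session):
    """Flagged = an active policy violation, issue, or detection on the session."""
    return any(session.get(k) for k in ("policy_violations", "issues", "detections"))


def can_view_content(role, session):
    """Role table: Owner sees all sessions, Admin flagged only, Viewer never."""
    if role == "Owner":
        return True
    if role == "Admin":
        return is_flagged(session)
    return False  # Viewer; unrecognized roles are also denied (assumption)


def render_session(role, session):
    """Return a copy of the session as the given role would see it."""
    view = deepcopy(session)  # never mutate the stored record
    if can_view_content(role, session):
        return view
    for msg in view["messages"]:
        for field in PRIVATE_FIELDS:
            if field in msg:
                msg[field] = PLACEHOLDER
    return view  # identity fields (user_email, user_id) are left intact


# Constructed sample sessions (not real Capsule data).
CLEAN = {
    "user_email": "alice@example.com", "user_id": "u-1001",
    "policy_violations": [], "issues": [], "detections": [],
    "messages": [
        {"sender": "user", "content": "summarize Q3 plan"},
        {"sender": "tool", "tool_input": "read plan.docx",
         "tool_output": "constructed tool output"},
    ],
}
FLAGGED = dict(deepcopy(CLEAN), detections=["constructed-detection"])

if __name__ == "__main__":
    for role in ("Owner", "Admin", "Viewer"):
        for name, s in (("clean", CLEAN), ("flagged", FLAGGED)):
            print(role, name, "->", render_session(role, s)["messages"][0]["content"])
```

The same matrix is a useful checklist when validating a tenant: an Admin account opening an unflagged session and a Viewer account opening a flagged one should both see only the placeholder, with the user email still shown.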