Role Permissions
Kiaro has three roles: Owner, Admin, and Member. Each role builds on the previous one.
Permission matrix
| Action | Owner | Admin | Member |
|---|---|---|---|
| Data Access | |||
| View clients, projects, tasks | ✓ | ✓ | ✓ |
| Create and edit clients | ✓ | ✓ | ✓ |
| Create and edit projects | ✓ | ✓ | ✓ |
| Create and edit tasks | ✓ | ✓ | ✓ |
| Create and send invoices | ✓ | ✓ | ✓ |
| Log time entries | ✓ | ✓ | ✓ |
| Manage deliverables | ✓ | ✓ | ✓ |
| Manage contracts | ✓ | ✓ | ✓ |
| Manage knowledge base | ✓ | ✓ | ✓ |
| Upload files | ✓ | ✓ | ✓ |
| Use AI features | ✓ | ✓ | ✓ |
| Settings | |||
| Team management (invite/remove) | ✓ | ✓ | ✗ |
| Client portal settings | ✓ | ✓ | ✗ |
| Invoice settings (business info) | ✓ | ✓ | ✗ |
| Dashboard goals | ✓ | ✓ | ✗ |
| Content library | ✓ | ✓ | ✗ |
| Workspace & Account (owner only) | |||
| Workspace settings (name, time rounding, AI toggle) | ✓ | ✗ | ✗ |
| Manage subscription (upgrade/downgrade) | ✓ | ✗ | ✗ |
| Purchase AI credits | ✓ | ✗ | ✗ |
| Set up Stripe Connect | ✓ | ✗ | ✗ |
| Export all data | ✓ | ✗ | ✗ |
| Delete workspace | ✓ | ✗ | ✗ |
Role descriptions
Owner
The person who created the workspace. There is exactly one owner per workspace. The owner has unrestricted access to everything, including billing, Stripe Connect, data export, and the ability to delete the entire workspace.
Transferring ownership
Ownership can be transferred to any existing Admin in the workspace. The current Owner goes to Settings → Members, clicks Make owner next to an Admin row, and confirms the dialog. The transfer is atomic: the new Owner is promoted and the old Owner is demoted to Admin in the same database transaction, so there is never a moment with zero or two owners.
The dialog asks you to re-enter your current password to confirm. This extra check exists because ownership transfer is irreversible from your side once complete, so we want to be sure it’s really you clicking the button and not someone who borrowed your session.
Notes:
- Only the current Owner sees the Make owner button.
- The target must already be an Admin. Promote them via the role dropdown first if they’re a Member.
- Pending invites cannot become Owner; they must accept the invite first.
- If you signed in with Google and never set a password, you’ll need to set one from your Account Settings before you can transfer ownership.
- The new Owner can transfer it back to you at any time.
Admin
Admins have full access to all data (clients, projects, invoices, etc.) and can manage most settings. They can invite and remove team members, configure the client portal, update invoice settings, and set dashboard goals.
Admins cannot manage billing, set up Stripe Connect, export all data, or delete the workspace.
Member
Members have full access to all business data. They can create and manage clients, projects, tasks, invoices, time entries, deliverables, and contracts. They can use all AI features and upload files.
Members cannot access any settings pages. The Settings section is hidden from their sidebar navigation.
Changing roles
Owners and admins can change a team member’s role from Settings → Members. Use the role dropdown next to each member’s name.
Restrictions:
- You cannot change your own role
- The last owner cannot be demoted (there must always be one owner)