Role Permissions
Kiaro has three roles: Owner, Admin, and Member. Each role builds on the previous one.
Permission matrix
| Action | Owner | Admin | Member |
|---|---|---|---|
| Data Access | |||
| View clients, projects, tasks | ✓ | ✓ | ✓ |
| Create and edit clients | ✓ | ✓ | ✓ |
| Create and edit projects | ✓ | ✓ | ✓ |
| Create and edit tasks | ✓ | ✓ | ✓ |
| Create and send invoices | ✓ | ✓ | ✓ |
| Log time entries | ✓ | ✓ | ✓ |
| Manage deliverables | ✓ | ✓ | ✓ |
| Manage contracts | ✓ | ✓ | ✓ |
| Manage knowledge base | ✓ | ✓ | ✓ |
| Upload files | ✓ | ✓ | ✓ |
| Use AI features | ✓ | ✓ | ✓ |
| Settings | |||
| Team management (invite/remove) | ✓ | ✓ | ✗ |
| Client portal settings | ✓ | ✓ | ✗ |
| Invoice settings (business info) | ✓ | ✓ | ✗ |
| Dashboard goals | ✓ | ✓ | ✗ |
| Content library | ✓ | ✓ | ✗ |
| Workspace & Account (owner only) | |||
| Workspace settings (name, time rounding, AI toggle) | ✓ | ✗ | ✗ |
| Manage subscription (upgrade/downgrade) | ✓ | ✗ | ✗ |
| Purchase AI credits | ✓ | ✗ | ✗ |
| Set up Stripe Connect | ✓ | ✗ | ✗ |
| Export all data | ✓ | ✗ | ✗ |
| Delete workspace | ✓ | ✗ | ✗ |
Role descriptions
Owner
The person who created the workspace. There is exactly one owner per workspace. The owner has unrestricted access to everything, including billing, Stripe Connect, data export, and the ability to delete the entire workspace.
Transferring ownership
Ownership can be transferred to any existing Admin in the workspace. The current Owner goes to Settings → Members, clicks Make owner next to an Admin row, and confirms in a two-step dialog:
- Send code. The dialog confirms what will happen and sends a 6-digit confirmation code to your account email.
- Enter code. Open the email, copy the code, paste it into the dialog, and click Confirm transfer.
The transfer is atomic: the new Owner is promoted and you are demoted to Admin in the same database transaction, so there is never a moment with zero or two owners.
The confirmation code:
- Expires after 10 minutes.
- Can only be used once.
- Is capped at 3 codes per hour per account to prevent abuse.
- Is sent to whichever email is on your account — works identically whether you signed up with Google or a password.
Notes:
- Only the current Owner sees the Make owner button.
- The target must already be an Admin. Promote them via the role dropdown first if they’re a Member.
- Pending invites cannot become Owner; they must accept the invite first.
- The new Owner can transfer it back to you at any time (using the same code flow).
- If the code doesn’t arrive within a minute, check spam, then click the “send a new code” link in the dialog.
Admin
Admins have full access to all data (clients, projects, invoices, etc.) and can manage most settings. They can invite and remove team members, configure the client portal, update invoice settings, and set dashboard goals.
Admins cannot manage billing, set up Stripe Connect, export all data, or delete the workspace.
Member
Members have full access to all business data. They can create and manage clients, projects, tasks, invoices, time entries, deliverables, and contracts. They can use all AI features and upload files.
Members cannot access any settings pages. The Settings section is hidden from their sidebar navigation.
Changing roles
Owners and admins can change a team member’s role from Settings → Members. Use the role dropdown next to each member’s name.
Restrictions:
- You cannot change your own role
- The last owner cannot be demoted (there must always be one owner)