Roles

This page defines each role in Unmeshed and when it should be assigned.

Who this is for: Organization owners and platform admins

What they can do:
Full org-level administration. Manage users, roles, permissions, namespaces, and access maintenance endpoints.

When to assign:
Assign only to users who require the highest privilege.

Who this is for: Developers building workflows and integrations

What they can do:
Create and modify workflow artifacts such as process and step definitions, mappings, schedules, schemas, and variables. They can also run and test workflows.

When to assign:
Assign to developers who actively build and maintain workflows. Do not assign to users who only need to view or operate workflows.

Who this is for: Support, on-call, and operations teams

What they can do:
Investigate issues and operate workflows, including rerunning, resuming, terminating processes, and handling files. This role is prioritized over READ_ONLY.

When to assign:
Assign to support or on-call engineers who handle production issues.

Who this is for: Auditors and View only users.

What they can do:
View data and configurations, but cannot make changes.

When to assign:
This is the default role for auto-created users. Use it for users who only need visibility into the system.

Who this is for: Non-human accounts (apps, workers, clients)

What they can do:
Used by application or worker clients to:

1. Poll and register clients
2. Invoke apps and calls
3. Handle external integration callbacks

When to assign:
Assign only to service principals and machine users. Never assign this role to human users.