Roles and permissions
Built-in and custom roles, the permission matrix, and how to control who can do what in your organization.
Roles determine what each user can do in Genuics. Every user has exactly one role, and that role grants a specific set of permissions across datasets, dashboards, reports, actions, AI, and admin features.
Built-in roles
Genuics ships with two built-in roles:
Admin
Full access to everything in the organization. Admins can manage users, change settings, create and delete any resource, and access all data regardless of team.
Use this role for organization owners, IT administrators, and team leads who need unrestricted access.
Member
Limited access designed for day-to-day users. Members can view and interact with dashboards and reports shared with their team, create actions, and use AI features - but they cannot manage users, change organization settings, or access data outside their team.
Viewing roles
Go to Setup > Roles & Permissions in the sidebar. You'll see a list of all roles - both built-in and any custom roles you've created - along with how many users are assigned to each.
Creating a custom role
When the built-in roles don't fit your needs, create a custom role with exactly the permissions you want.
- Go to Setup > Roles & Permissions.
- Click Create Role.
- Enter a role name - something descriptive like "Analyst", "Report Viewer", or "Action Manager".
- Configure permissions using the permission matrix (see below).
- Click Save.
Once created, you can assign the custom role to users from their profile page.
The permission matrix
The permission matrix is organized by resource type. For each resource, you can grant or deny specific actions:
Datasets
| Permission | What it allows |
|---|---|
| View | See datasets and preview data |
| Create | Upload new datasets |
| Edit | Rename columns, change types, clean data |
| Delete | Permanently remove datasets |
| Upload | Add new data rows to existing datasets |
Dashboards
| Permission | What it allows |
|---|---|
| View | See dashboards shared with their team |
| Create | Create new dashboards |
| Edit | Add/remove widgets, change settings, modify layout |
| Delete | Permanently remove dashboards |
Reports
| Permission | What it allows |
|---|---|
| View | See and export reports |
| Create | Build new reports |
| Edit | Modify report configuration, columns, and filters |
| Delete | Permanently remove reports |
Actions
| Permission | What it allows |
|---|---|
| View | See actions assigned to their team |
| Create | Create new actions |
| Edit | Update action status, priority, assignee, and details |
| Delete | Permanently remove actions |
| Edit setup | Configure action statuses and categories in Setup |
AI
| Permission | What it allows |
|---|---|
| Chat | Use the Geni chat assistant |
| Run processing | Trigger AI insight generation on datasets |
Administration
| Permission | What it allows |
|---|---|
| Teams - create/edit/delete | Manage team structure |
| Users - create/edit/delete | Invite, edit, and deactivate users |
| Email templates - create/edit/delete | Manage notification email templates |
| Workflows - create/edit/delete | Build and modify automated workflows |
Example: creating an "Analyst" role
Suppose you want a role for data analysts who should build reports and dashboards but not manage users or access admin settings.
- Go to Setup > Roles & Permissions and click Create Role.
- Name it Analyst.
- Grant: Datasets (view, create, edit, upload), Dashboards (view, create, edit), Reports (view, create, edit, delete), Actions (view, create, edit), AI (chat, run processing).
- Deny: all Delete permissions for dashboards and datasets, all Administration permissions, Workflows.
- Click Save.
Now assign the "Analyst" role to any user who fits this profile.
Example: creating a "Viewer" role
For stakeholders who only need to consume data - not create or edit anything:
- Create a role named Viewer.
- Grant: Datasets (view), Dashboards (view), Reports (view), Actions (view).
- Deny: all Create, Edit, Delete, and Administration permissions.
- Click Save.
Editing and deleting roles
- Edit a role - click the role name in the list and adjust permissions. Changes apply immediately to all users with that role.
- Delete a role - you can only delete a custom role if no users are assigned to it. Reassign users to a different role first.
- Built-in roles cannot be edited or deleted.
Next steps
Learn how to assign roles to users in Managing users and teams, or configure organization-wide security in Organization settings.