Team Roles
PAPI uses three roles to control access. Every team member has exactly one role, and permissions are enforced at the database level.
Permission Matrix
| Action | Owner | Editor | Viewer |
|---|---|---|---|
| View board and reports | ✓ | ✓ | ✓ |
| View strategy reviews | ✓ | ✓ | ✓ |
| Create and edit tasks | ✓ | ✓ | — |
| Execute builds | ✓ | ✓ | — |
| Submit reviews | ✓ | ✓ | — |
| Run planning cycles | ✓ | ✓ | — |
| Invite team members | ✓ | — | — |
| Change team roles | ✓ | — | — |
| Reset cycles | ✓ | — | — |
| Delete projects | ✓ | — | — |
Role Details
Owner
The person who created the project. There's exactly one owner per project. Owners have full control: they can manage team membership, send invitations, change roles, reset cycles, and delete the project. They can also do everything editors and viewers can do.
Editor
A full participant in the build process. Editors can create tasks, run planning cycles, execute builds, and submit reviews. They can see everything the owner can see, but they cannot manage team membership or change project-level settings.
Viewer
Read-only access. Viewers can see the board, reports, cycle history, and strategy reviews, but they cannot create tasks, build, or modify anything. This role is ideal for stakeholders who need visibility without write access.
Invitations
Owners invite team members by email address. The invitee receives an email with a secure link that expires after 7 days. When they click the link, they see a preview of the project and the role they've been assigned. They can accept or decline.
If the invitee doesn't have a PAPI account yet, they'll be prompted to create one during the acceptance flow. Once accepted, they appear in the project's team list with their assigned role.