Permissions
Control who can see and do what, using roles and permission sets.
Access in Cadence comes from two layers working together: a member's organization role sets their baseline, and permission sets grant fine-grained access to specific features on top of it. Where they overlap, the most permissive level wins.
In this article
The two layers of access
- Organization role — a broad role assigned to every member (Owner, Administrator, Member). It decides who can manage the organization itself.
- Permission sets — named bundles you create and assign to grant access to specific modules (like Sermons or Projects) at a chosen level. See Permission sets.
Access is additive. If a member's role and their permission set grant different levels for the same feature, they get the higher of the two.
Organization roles
- Owner — Full control of the organization, including organization settings and billing. There's always at least one owner.
- Administrator — Manages members, teams, automations, and most day-to-day settings, but not owner-only areas like organization billing.
- Member — Works within the features they've been granted through permission sets. No organization-management access by default.
Access levels
When you grant a module through a permission set, you choose how much access it gives:
- None — No access to the module; it's hidden.
- Access — Can view and work within the module.
- Manager — Full control of the module, including settings others can't change.
What each role can do
This table shows the baseline for each organization role. Permission sets can grant a Member additional module access on top of this.
| Capability | Member | Administrator | Owner |
|---|---|---|---|
| Work in features granted to them | ✓ | ✓ | ✓ |
| Keep a private vault | ✓ | ✓ | ✓ |
| Invite and manage members | ✓ | ✓ | |
| Create and manage teams | ✓ | ✓ | |
| Set up automations | ✓ | ✓ | |
| Create and assign permission sets | ✓ | ✓ | |
| Edit organization settings | ✓ | ✓ | |
| Manage organization billing | ✓ |
No role can read another person's vault. Stories and teaching concepts are private to their owner and only become visible when that person explicitly shares an item — not through any administrator or owner permission.