| Org Admin | HR User | Business Owner | Application Admin | Manager | View-only | User | |
|---|---|---|---|---|---|---|---|
| Explicitly assigned in the admin dashboard; highest role. | Explicitly assigned in the admin dashboard. | Assigned on a per-app basis; can manage apps and app data. | Assigned on a per-app basis; receives provisioning or deprovisioning requests. | Usually assigned automatically via HRIS integration; often used for approval policies. | Explicitly assigned in the admin dashboard. | Default role (everyone has this) | |
| Permissions | |||||||
| View all users | Only for administered apps | ||||||
| View all applications | Only for owned apps | Only for administered apps | |||||
| Request app access | |||||||
| Revoke app access | |||||||
| Add application spend data | |||||||
| Trigger on- and offboardings | |||||||
| Manage access of direct reports | |||||||
| Approve on behalf of others | |||||||
| Grant access on behalf of others | |||||||
| Notifications | |||||||
| On/Offboarding | |||||||
| Shadow IT |
General
AccessOwl Roles
The following roles in AccessOwl govern permissions within the application. Some roles are assigned explicitly within AccessOwl’s settings, while others are granted implicitly based on a user’s HRIS status or responsibilities as an business owner or admin.