Roles & Permissions
Understand the roles in Mistvine, what each one can do, and how permissions work.
Last updated
Mistvine uses a layered permission model. Every user has an organization role (admin or member) and can additionally hold contextual roles that grant scoped powers over specific teams, practices, or waves.
How Permissions Work
All access control is enforced by the database. The application determines who you are and what organization you belong to — the database decides what you can see and do. This means permissions cannot be bypassed through the UI.
| Layer | What it controls |
|---|---|
| Organization role | Base permissions — admin vs member |
| Ownership status | Billing, org deletion, ownership transfer |
| Contextual roles | Scoped powers for teams, practices, reports, and waves |
A user can hold multiple roles at once. For example, someone can be an admin, a people manager, and a team lead simultaneously.
Organization Roles
Admin
Admins have full access to organization settings, analytics, and management features.
What admins can do:
- Invite, remove, and change member roles
- Create, edit, and delete teams
- Create, edit, and delete practices
- Assign people managers and wave managers
- Create, edit, and delete waves and wave objectives
- Approve team objectives
- View all insights and analytics dashboards
- View all sentiment data across the organization
- Configure feature flags and integrations
- Manage organization-wide feedback principles
- View audit logs and manage legal holds
- Answer Q&A questions
Where admins can go:
| Section | Access |
|---|---|
| Settings | All pages (except billing — requires owner) |
| Insights | All dashboards |
| Waves | Full management |
| Everything else | Full access |
Member
Members can participate in all day-to-day activities but cannot manage the organization.
What members can do:
- Give and receive peer feedback
- Submit and view sentiment (anonymous)
- Submit weekly status updates
- Create and track personal OKRs
- Ask Q&A questions
- Participate in team health assessments (anonymous)
- View wave dashboards and team objectives (read-only)
- Update their profile, theme, and preferences
What members cannot access:
- Organization settings
- Insights and analytics dashboards
- Member management
- Team, practice, or wave creation
- Audit logs and legal holds
Ownership
Owner status sits on top of the Admin role. Every owner is also an admin — there are no member-owners. Owner adds workspace lifecycle and billing controls that admins don't have on their own.
Mistvine supports multiple owners per organization (minimum 1 required).
Owner-exclusive capabilities (in addition to all Admin permissions):
- Manage billing and subscription
- Create and access the billing portal
- Update subscription seats
- Delete the organization
- Transfer ownership to other admins
- Change the workspace URL
- Configure workspace name and timezone
Owners are displayed with an "Owner" badge in the members list.
Contextual Roles
Contextual roles are granted through assignments and give scoped powers over specific resources. They do not require the admin organization role — any member can hold them.
People Manager
How it's assigned: An admin creates a manager-report relationship in Settings > People Managers.
What people managers can do:
- View direct report profiles and performance data
- Submit attrition risk assessments for direct reports
- Create performance assessments
- View 360 feedback for direct reports
- View the feedback matrix for their reports
People managers can see feedback given to their direct reports, but not feedback from their direct reports. This privacy boundary ensures team members can give honest upward feedback.
Where to find it: The "Manage People" link appears in the sidebar when you have active direct reports.
Team Lead
How it's assigned: An admin sets a member's team assignment role to "lead" in Settings > Teams.
What team leads can do:
- Create, edit, and delete team objectives
- Assign and remove team members
- View team health assessment results (anonymized)
- Manage team-level feedback principles
What team leads cannot do:
- Approve team objectives (admin-only)
- Delete the team itself (admin-only)
- Manage other teams they don't lead
Team leads only have elevated permissions for their own team(s). A user can lead multiple teams.
Where to find it: The "Manage Teams" link appears in the sidebar when you are a team lead.
Practice Lead
How it's assigned: An admin sets a member's practice assignment role to "lead" in Settings > Practices.
What practice leads can do:
- Create, update, and archive practice-level feedback principles
- Define skill levels (e.g., Junior, Mid, Senior, Staff)
- Define competencies and proficiency expectations per level
- Assess member competencies
- Track member progression through levels
- View practice analytics
Practice leads manage their specific practice only.
Where to find it: The "Manage Practice" link appears in the sidebar when you are a practice lead.
Wave Manager
How it's assigned: An admin grants the wave manager flag in Settings > Wave Managers. Admins are automatically wave managers and don't need this flag.
What wave managers can do:
- Create and edit waves
- Create and edit wave objectives
- Assign teams to waves
- Manage boost requests
- Answer Q&A questions on waves they manage
What wave managers cannot do:
- Delete waves (admin-only)
- Delete wave objectives (admin-only)
Where to find it: Wave management options appear within the Waves section when you have wave manager permissions.
Role Combinations
Users can hold multiple roles at once. Here are common combinations and what they see:
| Combination | What they get |
|---|---|
| Admin + Owner | Full access to everything including billing |
| Admin + People Manager | Settings, insights, and direct report management |
| Member + People Manager | Day-to-day features plus direct report management |
| Member + Team Lead + Practice Lead | Day-to-day features plus team and practice dashboards |
| Member (no contextual roles) | Feedback, sentiment, OKRs, and wave participation |
Permissions Grid
The Owner column lists only the Owner-exclusive capabilities. Because every Owner is also an Admin, Owners additionally have every capability marked under the Admin column.
Organization & Settings
| Capability | Owner | Admin | Wave Mgr | Team Lead | People Mgr | Practice Lead | Member |
|---|---|---|---|---|---|---|---|
| Manage billing & subscription | ✓ | ||||||
| Delete organization | ✓ | ||||||
| Transfer ownership | ✓ | ||||||
| Change workspace URL | ✓ | ||||||
| Configure workspace name/timezone | ✓ | ||||||
| Invite & remove members | ✓ | ||||||
| Change member roles | ✓ | ||||||
| Configure features & integrations | ✓ | ||||||
| View audit logs | ✓ | ||||||
| Manage legal holds | ✓ | ||||||
| Manage org-wide principles | ✓ | ||||||
| Assign people managers | ✓ | ||||||
| Assign wave managers | ✓ |
Waves
| Capability | Owner | Admin | Wave Mgr | Team Lead | People Mgr | Practice Lead | Member |
|---|---|---|---|---|---|---|---|
| Create waves | ✓ | ✓ | |||||
| Edit waves | ✓ | ✓ | |||||
| Delete waves | ✓ | ||||||
| Create wave objectives | ✓ | ✓ | |||||
| Edit wave objectives | ✓ | ✓ | |||||
| Delete wave objectives | ✓ | ||||||
| Assign teams to waves | ✓ | ✓ | |||||
| Manage boosts | ✓ | ✓ | |||||
| View wave dashboards | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Submit weekly status | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Submit sentiment | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Teams
| Capability | Owner | Admin | Wave Mgr | Team Lead | People Mgr | Practice Lead | Member |
|---|---|---|---|---|---|---|---|
| Create teams | ✓ | ||||||
| Edit teams | ✓ | ||||||
| Delete teams | ✓ | ||||||
| Assign/remove team members | ✓ | ✓ | |||||
| Create team objectives | ✓ | ✓ | |||||
| Edit team objectives | ✓ | ✓ | |||||
| Delete team objectives | ✓ | ✓ | |||||
| Approve team objectives | ✓ | ||||||
| View team health results | ✓ | ✓ | |||||
| Manage team principles | ✓ | ✓ | |||||
| View team objectives | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Participate in health assessments | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
People Management
| Capability | Owner | Admin | Wave Mgr | Team Lead | People Mgr | Practice Lead | Member |
|---|---|---|---|---|---|---|---|
| View direct report details | ✓ | ✓ | |||||
| View feedback to direct reports | ✓ | ✓ | |||||
| View feedback from direct reports | |||||||
| Submit attrition risk assessments | ✓ | ||||||
| Create performance assessments | ✓ | ||||||
| View 360 feedback for reports | ✓ | ✓ |
Practices
| Capability | Owner | Admin | Wave Mgr | Team Lead | People Mgr | Practice Lead | Member |
|---|---|---|---|---|---|---|---|
| Create practices | ✓ | ||||||
| Edit practices | ✓ | ||||||
| Delete practices | ✓ | ||||||
| Add/remove practice members | ✓ | ||||||
| Create practice principles | ✓ | ✓ | |||||
| Update practice principles | ✓ | ✓ | |||||
| Archive practice principles | ✓ | ✓ | |||||
| Define skill levels | ✓ | ✓ | |||||
| Define competencies | ✓ | ✓ | |||||
| Assess member competencies | ✓ | ||||||
| View practice analytics | ✓ | ✓ |
Insights & Analytics
| Capability | Owner | Admin | Wave Mgr | Team Lead | People Mgr | Practice Lead | Member |
|---|---|---|---|---|---|---|---|
| View org-wide feedback matrix | ✓ | ||||||
| View all sentiment data | ✓ | ||||||
| View attrition risk dashboard | ✓ | ||||||
| View compliance dashboards | ✓ | ||||||
| View team health insights | ✓ | ||||||
| View feedback matrix for reports | ✓ | ✓ | |||||
| Answer Q&A questions | ✓ | ✓ |
Feedback & Growth (All Members)
| Capability | Owner | Admin | Wave Mgr | Team Lead | People Mgr | Practice Lead | Member |
|---|---|---|---|---|---|---|---|
| Give peer feedback | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Receive peer feedback | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Request feedback | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Create personal OKRs | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Ask Q&A questions | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Update profile & preferences | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Manage personal principles | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Quick Reference
| Role | How it's set | Scope |
|---|---|---|
| Admin | Settings > Members > Role | Organization-wide |
| Member | Default role on join | Organization-wide |
| Owner | Settings > Members > Ownership | Organization-wide |
| People Manager | Settings > People Managers | Direct reports only |
| Team Lead | Settings > Teams > Member role | Specific team(s) |
| Practice Lead | Settings > Practices > Member role | Specific practice(s) |
| Wave Manager | Settings > Wave Managers | All waves |
Subscription Requirements
All roles require an active subscription. If the subscription lapses:
- Settings remain accessible so owners can fix billing
- All other pages are blocked with a message to contact the organization owner
- Owners see a direct link to the billing page
See Organization Setup for subscription management details.