Roles & Permissions
Understand the role-based access control system and what each role can do.
Pipelines uses a hierarchical role-based access control (RBAC) system. Each role inherits the permissions of the roles below it.
Role hierarchy
Org Admin
└── Project Admin (Owner or Viewer per project)
└── ContributorRole details
Org Admin
The highest-level role. Org Admins manage all resources within an organization and have implicit access to every project.
| Capability | Access |
|---|---|
| Manage projects | Create, edit, archive, delete any project in the org |
| Manage team | Invite users, assign roles across all projects |
| Organization settings | Models, MCP servers, API keys, org-scoped templates |
| Evaluation criteria | Create and manage org-scoped criteria and prompts |
| API keys | Create and manage API keys for external API access |
| All project operations | Full access to everything within every project |
Project Admin
Assigned per-project. A user can be a Project Admin on multiple projects, with different access levels on each. Each project assignment has one of two permission levels:
Owner
Full read/write access to the project.
| Capability | Access |
|---|---|
| Manage pipelines | Create, edit, publish, activate, pause, archive pipelines |
| Manage tasks | Seed tasks, view all task data, edit submissions, export |
| Data Explorer | Full access to task tables, derived columns, evaluations |
| Team (project) | Add/remove project team members, assign project-level roles |
| Project templates | Save and manage project-scoped templates |
| Time tracking (admin) | View time tracking reports for all contributors |
| Instructions | Create and manage contributor instructions |
Viewer
Read-only access to the project. Useful for stakeholders who need visibility without the ability to modify pipelines, tasks, or team configuration. Viewers see the same sidebar navigation as Owners, but all write actions are disabled.
| Capability | Access |
|---|---|
| View data | Read-only access to task data and pipeline configurations |
| Dashboards | View project and org dashboards |
| Team page | View the team roster (cannot add, remove, or modify members) |
| Instructions | View all contributor instructions (cannot create, edit, or delete) |
| Time tracking | View time tracking reports for all contributors |
| Workflows | View pipeline configurations (cannot create, edit, publish, or manage) |
| Templates | View project and org-scoped templates (cannot create, edit, or delete) |
Viewers can see everything an Owner can see, but cannot create, edit, delete, publish, or manage anything. All restrictions are enforced at the API level — action buttons are hidden or disabled in the UI.
Contributor
The work execution role. Contributors complete tasks assigned to them within their projects.
| Capability | Access |
|---|---|
| Work queue | View and claim available tasks |
| Submit work | Fill out forms and submit subtask responses |
| Review work | Complete reviews on assigned review nodes |
| My time | View personal time tracking data |
| Instructions | Read project instructions scoped to their contributor role |
Personas
Users interact with the platform through two personas, each with its own sidebar navigation:
- Admin persona — shows the admin sidebar with project management, pipeline building, data explorer, team management, and organization settings.
- Contributor persona — shows the contributor sidebar with work queues, submitted tasks, and personal time tracking.
Users who have both admin and contributor roles can switch between personas from the user menu:
- Click your name or avatar at the bottom of the sidebar to open the user menu.
- Select "Switch to Contributor" or "Switch to Admin".
The persona determines which navigation and features are visible, but does not change your underlying permissions.
The persona switch option only appears if your account has both admin and contributor roles. If you only have one role, you will not see this option.
Assigning roles
At the organization level
Org Admins manage users from the People page in the admin sidebar. From here you can invite new Org Admins or Project Admins, add contributors to projects, and manage role assignments. See Team Management for step-by-step instructions.
At the project level
Project Admin Owners manage team members from the project's Team page. Each user added to a project is assigned as either a Project Admin (Owner or Viewer) or a Contributor. See Team Management for details.
Contributor roles
Within a project, contributors can be further categorized using contributor types — custom labels that help organize contributors by function (e.g., "Annotator", "Translator", "QA Specialist"). Contributor types are project-scoped and used for:
- Node claim restrictions — pipeline nodes can require a specific contributor type
- Per-type claim limits — maximum concurrent claims per contributor type
- Work schedule restrictions — per-type work schedules
- Instruction visibility — instructions can be scoped to specific contributor roles
- Task filtering — filter and assign tasks based on contributor type
See the Contributor types section in Team Management for how to manage them.