← Back to Docs
Last updated: 2026-07-02
Roles & Permissions
InvyMate uses role-based access to protect configuration and billing settings.
Roles
OWNERADMIN
Access matrix
| Area | Owner | Admin |
|---|---|---|
| Dashboard | ✅ | ✅ |
| Assets | ✅ | ✅ |
| People | ✅ | ✅ |
| Inventory Checks | ✅ | ✅ |
| Configuration (workspace settings) | ✅ | ❌ |
| Configuration (SSO) | ✅ | ❌ |
Owner access
Owners can access everything in Admin scope, plus the full Configuration module:
- Workspace settings
- Categories and locations
- Team management
- Custom fields
- QR label builder
- Layouts
- API keys
- Subscription and billing
- Trash (restore / permanently delete)
SSO lives under Configuration → SSO, after Webhooks in the sidebar.
Only the owner can open Configuration and manage the SSO draft.
The SSO draft can be configured as either SAML or OIDC, depending on the identity provider.
Plan gates
Some actions depend on plan features:
- CSV export
- API access and Webhooks
- SSO configuration and login are available whenever the workspace has SSO enabled
Usage limit gates
When workspace limits are reached:
- “Add New Item” and “Import” are disabled after asset limit is reached.
- Admin invites are blocked after admin limit is reached.