← Back to Docs
Last updated: 2026-07-02

Roles & Permissions

InvyMate uses role-based access to protect configuration and billing settings.

Roles

  • OWNER
  • ADMIN

Access matrix

AreaOwnerAdmin
Dashboard
Assets
People
Inventory Checks
Configuration (workspace settings)
Configuration (SSO)

Owner access

Owners can access everything in Admin scope, plus the full Configuration module:

  • Workspace settings
  • Categories and locations
  • Team management
  • Custom fields
  • QR label builder
  • Layouts
  • API keys
  • Subscription and billing
  • Trash (restore / permanently delete)

SSO lives under Configuration → SSO, after Webhooks in the sidebar. Only the owner can open Configuration and manage the SSO draft. The SSO draft can be configured as either SAML or OIDC, depending on the identity provider.

Plan gates

Some actions depend on plan features:

  • CSV export
  • API access and Webhooks
  • SSO configuration and login are available whenever the workspace has SSO enabled

Usage limit gates

When workspace limits are reached:

  • “Add New Item” and “Import” are disabled after asset limit is reached.
  • Admin invites are blocked after admin limit is reached.