staging · test data, test payments
Docs · Roles

Roles & permissions.

Access in Stori follows a single role hierarchy. A higher role can do everything a lower role can, plus more — at the organization, team, and project level.

The hierarchy

Owner

Full control, including billing, SSO, and deleting the organization.

Admin

Invite members, manage teams and projects — everything except billing and SSO.

Member

Create and edit work items and collaborate on the org's projects.

Viewer

Read-only access across the organization's projects.

Guest

Access only to the specific projects they're added to.

The hierarchy is what Stori enforces — access checks gate on a role meeting a minimum level. Some capabilities additionally require a paid plan (marked Pro / Team); see pricing.

What each project role can do

Project roles come from the owning team, an explicit collaborator grant, or your organization role.

CapabilityViewerMemberAdminOwner

View the canvas & work items

Browse work items, areas, comments, and change history.

Create & edit work items

Add, edit, and move cards across the canvas and its areas.

Delete work items

Remove work items from the project.

Comment

Post comments on work items.

Run & save TraQL queriesPro

Query work items and save shared views.

Create & ship releasesPro

Group work into releases and ship them.

Edit project settings

Rename, configure the workflow, default queries, and ship policy.

Link a GitHub repo

Connect a repository to drive state changes from pull requests.

Manage project collaboratorsTeam

Add individual org members to this project with their own role.

Delete the project

Permanently delete the project and all of its data.

Organization management

Admins can

  • Invite members and change their roles
  • Create and manage teams
  • Create projects within the organization
  • View the audit logTeam

Owners can additionally

  • Change the plan and manage billing
  • Configure SSO (SAML / OIDC)Team
  • Delete the organization

Where roles are assigned

Organization

Assigned to members of the organization. Owners and admins manage the org itself.

  • OwnerFull control, including billing, SSO, and deleting the organization.
  • AdminInvite members, manage teams and projects — everything except billing and SSO.
  • MemberCreate and edit work items and collaborate on the org's projects.
  • ViewerRead-only access across the organization's projects.
  • GuestAccess only to the specific projects they're added to.

Teams

Scoped to a single team and the projects it owns. “Lead” is the team-level admin.

  • OwnerFull control of the team, including deleting it and managing its projects.
  • LeadAdd and remove team members and manage the team's projects.
  • MemberBelongs to the team and inherits access to its projects.
  • ViewerRead-only access to the team's projects.

Project access

Per-project collaborators (Team plan) — give an individual their own role on one project, on top of team access.

  • OwnerFull control of this project, including its settings and access.
  • MemberCreate, edit, and comment on work items in this project.
  • ViewerRead-only access to this project.