Roles & permissions.
Access in Stori follows a single role hierarchy. A higher role can do everything a lower role can, plus more — at the organization, team, and project level.
The hierarchy
Owner
Full control, including billing, SSO, and deleting the organization.
Admin
Invite members, manage teams and projects — everything except billing and SSO.
Member
Create and edit work items and collaborate on the org's projects.
Viewer
Read-only access across the organization's projects.
Guest
Access only to the specific projects they're added to.
The hierarchy is what Stori enforces — access checks gate on a role meeting a minimum level. Some capabilities additionally require a paid plan (marked Pro / Team); see pricing.
What each project role can do
Project roles come from the owning team, an explicit collaborator grant, or your organization role.
| Capability | Viewer | Member | Admin | Owner |
|---|---|---|---|---|
View the canvas & work items Browse work items, areas, comments, and change history. | ||||
Create & edit work items Add, edit, and move cards across the canvas and its areas. | — | |||
Delete work items Remove work items from the project. | — | |||
Comment Post comments on work items. | — | |||
Run & save TraQL queriesPro Query work items and save shared views. | — | |||
Create & ship releasesPro Group work into releases and ship them. | — | |||
Edit project settings Rename, configure the workflow, default queries, and ship policy. | — | — | ||
Link a GitHub repo Connect a repository to drive state changes from pull requests. | — | — | ||
Manage project collaboratorsTeam Add individual org members to this project with their own role. | — | — | ||
Delete the project Permanently delete the project and all of its data. | — | — | — |
Organization management
Admins can
- Invite members and change their roles
- Create and manage teams
- Create projects within the organization
- View the audit logTeam
Owners can additionally
- Change the plan and manage billing
- Configure SSO (SAML / OIDC)Team
- Delete the organization
Where roles are assigned
Organization
Assigned to members of the organization. Owners and admins manage the org itself.
- Owner — Full control, including billing, SSO, and deleting the organization.
- Admin — Invite members, manage teams and projects — everything except billing and SSO.
- Member — Create and edit work items and collaborate on the org's projects.
- Viewer — Read-only access across the organization's projects.
- Guest — Access only to the specific projects they're added to.
Teams
Scoped to a single team and the projects it owns. “Lead” is the team-level admin.
- Owner — Full control of the team, including deleting it and managing its projects.
- Lead — Add and remove team members and manage the team's projects.
- Member — Belongs to the team and inherits access to its projects.
- Viewer — Read-only access to the team's projects.
Project access
Per-project collaborators (Team plan) — give an individual their own role on one project, on top of team access.
- Owner — Full control of this project, including its settings and access.
- Member — Create, edit, and comment on work items in this project.
- Viewer — Read-only access to this project.