Roles and permissions, explained

Roles decide who can do what in your workspace. Here is how to think about them so your community stays both open and under control.

A screenshot of a Groupanda workspace called Founders Lab, showing channels, a pinned message, and a conversation between members

A role is a named set of permissions you assign to members, and access control is the practice of giving each person exactly the abilities they need. Together they let a community stay welcoming to newcomers while keeping the important controls in trusted hands. This guide explains how to set roles up without overcomplicating them.

The three roles most communities need

It is tempting to invent a role for every situation. Resist it. Almost every healthy community runs on three levels.

  • Owner. You, and anyone you fully trust to manage the workspace, billing, and roles.
  • Moderator. People who keep conversations healthy: they can pin, remove, and manage members, but not change the workspace itself.
  • Member. Everyone else. They can read and take part in the channels open to them.

Three roles cover the vast majority of decisions. Add a fourth only when you hit a real need that these cannot express, such as a guest role with read-only access to a single channel.

What permissions actually control

Permissions decide who can perform each action, from posting in a channel to managing other members. When you set them, ask a single question for each ability: what is the worst that happens if the wrong person has this? Post access is low-risk, so keep it open. Member removal and role changes are high-risk, so keep them narrow.

Give people the least access that still lets them do their job well. It is easier to grant more later than to claw it back.

Channel-level access

Not every channel should be open to everyone. Access control lets you keep some channels private to a role or a subscription tier.

  • A moderators channel stays private to the people running the space.
  • A members channel opens to everyone who has joined.
  • A subscribers channel can open only to members with an active subscription.

That last option is how paid access works in practice. When a community runs paid groups, an active subscription automatically grants entry to the channels reserved for it, and losing the subscription removes that access. You set the structure once, and billing keeps it in sync.

Common mistakes to avoid

A few patterns cause most of the trouble.

  1. Too many roles. Every extra role is another thing to reason about. Keep the list short.
  2. One person with every permission. If only you can moderate, the community stops when you step away. Share the load.
  3. Silent changes. When you change what a role can do, tell the people it affects. Surprises feel like punishment.

The short version

Start with owner, moderator, and member. Give each role the least access it needs, keep sensitive channels private to the right people, and lean on subscription-based access when you run a paid group. Simple roles, clearly explained, keep a community both open and in control.