Roles and permissions
What Admin, Member, and Viewer roles can do in ADO Pilot, and the exact errors you see when a non-admin tries an admin-only action.
ADO Pilot uses three organization roles to control access to settings, billing, team management, and repository configuration. Every member of your org has exactly one role, and only Admins can change settings or invite people.
The three roles
The dashboard shows the role descriptions on the Team page under Role permissions. They are reproduced verbatim below.
- Admin — Full access to all settings, billing, team management, and repository configuration.
- Member — Can manage repositories, view reviews, and configure notification preferences.
- Viewer — Read-only access to review history and repository status. Cannot change settings.
Capability matrix
The matrix records what the API enforces today, not what the role descriptions promise. Every role can read everything listed; every mutation is admin-only, so the Member column is stricter than the Member description above suggests (see Member vs Viewer today).
| Capability | Admin | Member | Viewer |
|---|---|---|---|
| View dashboard, reviews, and findings | Yes | Yes | Yes |
| View repository status and integration page | Yes | Yes | Yes |
| View team members and pending invites | Yes | Yes | Yes |
| View billing and subscription | Yes | Yes | Yes |
| Configure repository settings | Yes | No | No |
| Change notification settings | Yes | No | No |
| Test webhooks | Yes | No | No |
| Invite team members | Yes | No | No |
| Cancel pending invites | Yes | No | No |
| Remove team members | Yes | No | No |
| Start Stripe checkout | Yes | No | No |
| Open the Stripe billing portal | Yes | No | No |
| Change the overage cap | Yes | No | No |
What each role can read
All three roles share the same read access. Anyone in the org can:
- Open the dashboard and view review history and findings.
- View repository status and the Azure DevOps integration page.
- See who is on the team and which invites are pending.
- View the current plan, usage, and invoices on the Billing page.
Read access is not separately gated by role — only mutations are.
What only Admins can do
The following actions return HTTP 403 for any caller whose role is not admin. Members and Viewers see these errors today; only the Admin role can perform them.
| Action | Endpoint | Error message returned to non-admins |
|---|---|---|
| Invite a team member | POST /api/settings/team | Only admins can invite team members |
| Cancel a pending invite | DELETE /api/settings/team?inviteId=… | Only admins can manage team members |
| Remove a team member | DELETE /api/settings/team?memberId=… | Only admins can manage team members |
| Start a Stripe checkout | POST /api/billing/checkout | Only admins can manage billing |
| Open the Stripe portal | POST /api/billing/portal | Only admins can manage billing |
| Change the overage cap | PUT /api/billing/overage-cap | Only admins can change the overage cap |
| Change notification settings | PUT /api/settings/notifications | Only admins can change notification settings |
| Send a test webhook | POST /api/settings/notifications/test-webhook | Only admins can test webhooks |
| Modify repository settings | PUT /api/settings/repositories | Only admins can modify repository settings |
The error messages above are the literal strings returned by the API and asserted by the end-to-end test suite. If the dashboard surfaces one of these, the calling user does not have the Admin role.
Member vs Viewer today
The dashboard shows separate descriptions for Member and Viewer, and the role badge on the team list reflects which role each user holds. At the API layer, both roles currently fall through the same orgRole !== "admin" gate, so a Member and a Viewer receive the same 403 message for the same action. This means the Member description above ("Can manage repositories ... and configure notification preferences") promises more than the API enforces today: PUT /api/settings/repositories and PUT /api/settings/notifications reject Members exactly as they reject Viewers. Plan future role separation based on the descriptions in the Role permissions card, not on observed API behavior.
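The following is an added example, not ADO Pilot's own code, that models the admin-only gate described in the table above and in this section. The endpoint paths and error strings are the ones this page lists; the function names (`requireAdmin`, `authorize`, `rolesThatDiffer`), the request shape and the route table are this example's own assumptions. It goes a step beyond the page in one respect: it shows why a strict `orgRole !== "admin"` comparison fails closed for a missing role, an empty string or a differently cased "Admin", and it checks mechanically that Member and Viewer get identical answers on every admin-only route.

```javascript
// Added example (not ADO Pilot's code): a model of the orgRole !== "admin" gate.
// Paths and messages come from the page; everything else is assumed for illustration.

// Admin-only mutations, keyed by "METHOD path". Cancelling an invite and removing a
// member both use DELETE /api/settings/team and share one message, so one entry covers both.
const ADMIN_ONLY = new Map([
  ["POST /api/settings/team", "Only admins can invite team members"],
  ["DELETE /api/settings/team", "Only admins can manage team members"],
  ["POST /api/billing/checkout", "Only admins can manage billing"],
  ["POST /api/billing/portal", "Only admins can manage billing"],
  ["PUT /api/billing/overage-cap", "Only admins can change the overage cap"],
  ["PUT /api/settings/notifications", "Only admins can change notification settings"],
  ["POST /api/settings/notifications/test-webhook", "Only admins can test webhooks"],
  ["PUT /api/settings/repositories", "Only admins can modify repository settings"],
]);

// The gate as the page describes it. Strict inequality against the single accepted
// value means undefined, "", "member", "viewer" and "Admin" are all rejected: the
// check fails closed instead of enumerating roles to deny.
function requireAdmin(orgRole, message) {
  if (orgRole !== "admin") {
    return { status: 403, body: { error: message } };
  }
  return null; // caller may proceed
}

// Strip the query string before lookup: ?inviteId=... and ?memberId=... on
// DELETE /api/settings/team hit the same handler and the same gate.
function routeKey(method, url) {
  const path = url.split("?")[0];
  return `${method.toUpperCase()} ${path}`;
}

// Authorize one request. Reads are not role-gated on this page, so any route not in
// the admin-only table is allowed for every role.
function authorize(method, url, orgRole) {
  const message = ADMIN_ONLY.get(routeKey(method, url));
  if (message === undefined) {
    return { status: 200 };
  }
  return requireAdmin(orgRole, message) ?? { status: 200 };
}

// Run every admin-only route as each of the given roles and return the routes on
// which their responses differ. Per the page, Member and Viewer never differ today.
function rolesThatDiffer(roles = ["member", "viewer"]) {
  const differing = [];
  for (const key of ADMIN_ONLY.keys()) {
    const [method, path] = key.split(" ");
    const results = roles.map((r) => JSON.stringify(authorize(method, path, r)));
    if (new Set(results).size > 1) differing.push(key);
  }
  return differing;
}

// Constructed calls; the query value "example" is a placeholder, not a real id.
console.log(authorize("POST", "/api/settings/team", "member"));
console.log(authorize("DELETE", "/api/settings/team?memberId=example", "viewer").body.error);
console.log(authorize("GET", "/api/settings/team", "viewer").status);
console.log(authorize("PUT", "/api/billing/overage-cap", undefined).status);
console.log(rolesThatDiffer());
```

If the real gate is ever relaxed to give Members repository or notification access, `rolesThatDiffer()` is the kind of assertion that should start returning those two routes; until then an empty result is the expected state described on this page.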
Changing someone's role
Role changes are not yet exposed in the dashboard. To change a user's role today, an admin can remove the member and re-invite them with the new role. See Inviting team members and Removing team members.