Resource Planner Blog

Resource Planner Roles and Permissions: Member, Manager, Customer, and Admin

Resource Planner has four workspace roles: Member, Manager, Customer, and Admin. Each role starts with a clear set of permissions, while a small number of additional settings control how much of the workspace a person can see or manage.

This guide is the reference for the intended role and permission policy in Resource Planner. “Visible” means that an item appears in a list, timeline, or planning overview. Full details, editing rights, financial information, and access management are listed separately because seeing an item does not automatically grant control over it.

Permission modifiers

Five settings refine the base roles:

  • A Member can have Can only see themselves visibility or Can see the team visibility.
  • A Manager can have Only people they manage visibility or Can see everyone visibility.
  • A Manager can separately manage selected people or have Manager oversees all members enabled.
  • A Manager can separately be allowed to see financial information.
  • A Customer can separately be allowed to edit assignments on projects they have been invited to.

Role and permission matrix

Permissions by feature and workspace role
Feature or activity Member Manager Customer Admin
Navigation and visibility
Resources tab and visible people Can only see themselves: sees only themselves.
Can see the team: sees all workspace members.
Only people they manage: sees themselves and their management hierarchy.
Can see everyone: sees every resource, including other managers and admins. Visibility does not expand who the Manager can edit or plan.
Sees only resources assigned to projects they have been invited to. Sees every workspace resource.
Projects tab and planning overview Can only see themselves: Projects tab is hidden.
Can see the team: Projects is visible, including the workspace planning overview, milestones and size of projects (but no rates).
Always sees Projects and the workspace projects. Sees only projects they have been invited to and the assignments on those projects. Sees every project and assignment.
Full resource details Cannot open any person's details. Can open details only for resources they can edit: themselves and managed non-admin resources. Other visible people remain available only in the planning overview. Financial fields require financial access. Cannot open a person's full details; only the planning summary needed for invited projects is visible. Can open and edit every resource.
Full project details Cannot open project details. Can open project details. Financial fields require financial access. Cannot open full project details; only the invited project planning view is visible. Can open every project detail.
Planning operations
Create, update, or delete normal assignments No. The only assignment exception is their own Time Off. Yes, for themselves and managed non-admin resources. With Manager oversees all members enabled, can plan every non-admin resource. Seeing everyone does not grant planning access. Read-only by default. When Can edit assignments is enabled, can create, update, and delete assignments only within invited projects and only for resources already visible through those projects. Yes, for every project and resource.
Create, update, or delete projects No. Yes, for normal projects. Financial fields are available only with financial access. No. Yes.
Create, update, or delete resources No. Can add planning-only resources or invite them as Members or Customers, and edit general planning data for themselves and managed non-admin resources. Can delete managed Member or Customer resources, but never themselves or Manager/Admin resources. No. Can add planning-only resources or invite them with any role, and can edit or delete every resource. Deleting the last active Admin is blocked.
Time Off
Create, edit, or delete own Time Off Can create, edit, and delete only their own Time Off while it is pending. Once approved, including when the Time Off type is auto-approved, they can no longer edit or delete it. A Manager who manages them or an Admin must make later changes. Can create, edit, and delete their own Time Off while it is pending, but cannot approve it themselves. Once approved, they can no longer edit or delete it. A higher Manager who manages them or an Admin must make later changes. No Time Off access. Can create, edit, delete, and approve Time Off, including their own.
Manage or approve another person's Time Off No. Can create, edit, delete, and approve Time Off for people in their management scope, excluding themselves and Admins. Time Off they create for a managed person is approved immediately. No. Can manage and approve every request.
Time Off allowance and workspace policy Can view their own allowance but cannot add or remove allowance entries or change Time Off type rules. Can append allowance adjustments and void existing entries for managed non-Manager, non-Admin people, excluding themselves. Manager and Admin allowance history is Admin-only. Cannot change workspace-wide Time Off types or their approval and unlimited-allowance rules. No access. Can append or void allowance entries for everyone and manage Time Off types, including their approval and unlimited-allowance rules. Existing allowance entries remain immutable audit history.
Financial information and reporting
Financial information and rates No financial information. Hidden by default. With financial access, can view and edit project rates and rates for editable resources, including their own. Admin resource rates remain read-only. No financial information. Full financial visibility and editing.
Forecast tab No. Visible only when financial access is enabled. No. Yes.
Time tracking Sees and manages only their own time information. Sees their own time and time recorded by managed non-admin people. Each person still controls their own time entries. No access. Sees all workspace time information. Can create, update, and delete only their own time entries. Can link an initially unlinked account and relink their own account to another eligible planning-only resource.
Roles and workspace access
Invite people or change roles and permissions No. Can invite and manage access for people in their scope only when the target role is Member or Customer. Cannot assign or manage Manager or Admin access. No. Can invite people and manage every role and permission.
Change or remove own workspace access Cannot change their own role or permissions. Cannot change their own role or permissions. Cannot change their own role or permissions. Can change or remove their own access only when another active admin remains.
Account and settings
Workspace name Can see the workspace name but cannot change it. Can see the workspace name but cannot change it. Can see the workspace name but cannot change it. Can see and change the workspace name.
Delete own account No. A Manager who manages them or an Admin must delete them from Resources. No. Managers cannot delete themselves; an Admin must delete them from Resources. No. A Manager who manages them or an Admin must delete them from Resources. Yes. When another active Admin remains, deleting the account also deletes the linked person from Resources. If they are the last active Admin, the confirmation warns that deleting the account permanently deletes the entire organization and its data.
Billing and subscription Can see the current plan, purchased seats, and workspace capacity, but cannot manage the subscription. Can see the current plan, purchased seats, and workspace capacity, but cannot manage the subscription. Can see the current plan, purchased seats, and workspace capacity, but cannot manage the subscription. Can see plan and capacity information and manage the subscription.
API keys, MCP keys, and webhooks No access. No access. No access. Full access.

How to read conditional permissions

Visibility is not edit access

A person may appear in a Resource or Project overview without exposing their full details or allowing changes. For example, a team-visible Member can see the planning overview for other roles but cannot open another person's details. Similarly, a Manager who can see everyone cannot open details for people outside their editable scope.

Manager scope follows the management structure

Manager visibility and management scope are separate. Can see everyone expands the planning overview but does not grant editing rights. A Manager normally edits and plans only themselves and their management hierarchy; Manager oversees all members expands that management scope to every non-admin resource. Managers may refer to one another in the hierarchy without creating a permission problem because cycles are resolved safely, while Admin records remain protected from Manager edits.

Financial access is separate from management scope

A Manager's management scope decides which resources they can manage. Their visibility setting separately decides who appears in the overview, and the financial setting decides whether rates and Forecast are visible. Enabling visibility or financial access does not expand the Manager's editing scope or allow them to edit Admins.

API and MCP credentials provide unrestricted workspace access

API access keys and MCP keys are workspace-level credentials, not role-scoped user sessions. Anyone or any system given either credential receives unrestricted access to the workspace through the operations supported by that integration, equivalent to acting as an Admin. Only Admins can create, replace, or remove these credentials, and they should share them only with fully trusted systems and people.

MCP connections authenticated through a personal OAuth session are accepted only for an active Admin. This keeps the unrestricted MCP tool set consistent with the Admin-only integration policy.

Plan limits still apply

Role permissions describe who may perform an operation. Workspace plan limits apply separately and can block otherwise permitted resource or assignment creation when the workspace has no available seats or has reached its assignment allowance. Existing assignments can still be updated or deleted when only the free-plan assignment allowance has been reached.

The last admin protects the workspace

Resource Planner blocks the last active Admin from being removed or demoted and blocks their resource from being deleted through team management. Personal account deletion is the explicit exception: after a destructive confirmation, the last active Admin can delete their account, which permanently deletes the entire organization and all of its planning, Time Off, time-tracking, access, and settings data. When another active Admin remains, deleting an Admin account removes only that account.