
Introducing Role-Based Permissions: Your Team, Your Rules

The Problem With Two Roles

Until now, cStar had two team roles: Agent and Admin. That works great when your team is three people and everyone wears every hat.

But the moment you hire someone who should manage your knowledge base but not delete customer records? Or someone who needs to watch metrics but not touch tickets? Two roles fall apart fast.

You either over-permission people (risky) or constantly field "can you do this for me?" requests (annoying). Neither is good.

So we fixed it.

Six Roles, Built for Real Teams

Every role has a game title — because this is cStar and your team deserves better than "User Level 3."

🏰 Owner — The Guildmaster

Full access to everything, including billing and team deletion. There's exactly one per team, and ownership is transferred — never assigned. The buck stops here.

⚔️ Admin — The Commander

Everything the Owner can do except billing. Manages members, settings, API keys, webhooks. Your trusted second-in-command who keeps the operation running.

🛡️ Manager — The Captain

Team lead territory. Can manage tickets, customers, articles, SLA settings, and custom fields. Can delete tickets and customers, export data, and run bulk operations. Can't touch team settings, members, or integrations — that's Commander territory.

📚 Librarian — The Lorekeeper

Your knowledge base specialist. Can create, edit, and manage articles and quick replies. Can view tickets and customers for context, but can't modify them. Perfect for the person who keeps your docs pristine but doesn't work the queue.

🗡️ Agent — The Hero

The frontline. Works tickets, manages customers, earns XP. Can't delete records, can't change settings, can't touch the knowledge base. Focused on what matters: helping customers and leveling up.

👁️ Spectator — The Watcher

Read-only access to everything. Can see tickets, customers, articles, analytics, and the audit log — but can't change a thing. Ideal for stakeholders, executives, or new team members in training.

Twenty-Three Granular Permissions

Behind the six roles sits a permission matrix of 23 individual permissions. Every action in cStar maps to a specific permission, and every permission maps to specific roles.

A few highlights:

  • manage_billing — Owner only. Period.
  • manage_members — Owner and Admin. Nobody else can invite or remove team members.
  • manage_articles — Owner, Admin, Manager, and Librarian. The people who should be writing docs, can.
  • delete_tickets / delete_customers — Manager and above. Agents can't accidentally nuke records.
  • game_participation — Everyone. XP, boss battles, and achievements are for the whole team.

Every permission is enforced at three layers: the UI (buttons hide or disable), the API (server rejects unauthorized requests), and the database (row-level security policies). There's no "just edit the DOM" shortcut.

Inviting With Intent

When you invite a new team member, you now pick their role from a dropdown — not a binary toggle. The invite modal shows each role's game title and a plain-English description so you know exactly what access you're granting.

Owners can assign any role. Admins can assign Manager and below (but not other Admins — that's an Owner call). Managers and below can't assign roles at all.

It's a hierarchy that makes sense without a flowchart.
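
Here is a sketch of how the API-layer check for an invite could look. It is an added illustration, not cStar's own code. The permission names and the invite rule come from this post; the function names, the sample member table, and the response shape are assumptions. Owner is left out of the assignable roles because ownership is transferred, never assigned.

```javascript
// Added example, not cStar's code. Only the permissions highlighted in the
// post are listed; the real matrix has 23 entries.
const ALL = ['owner', 'admin', 'manager', 'librarian', 'agent', 'spectator'];
const GRANTS = new Map([
  ['manage_billing', new Set(['owner'])],
  ['manage_members', new Set(['owner', 'admin'])],
  ['manage_articles', new Set(['owner', 'admin', 'manager', 'librarian'])],
  ['delete_tickets', new Set(['owner', 'admin', 'manager'])],
  ['delete_customers', new Set(['owner', 'admin', 'manager'])],
  ['game_participation', new Set(ALL)],
]);

// Deny by default: an unknown permission or an unknown role is never allowed.
// A Map (not a plain object) keeps names like "constructor" from resolving.
function can(role, permission) {
  const allowed = GRANTS.get(permission);
  return allowed !== undefined && allowed.has(role);
}

// Who may hand out which role. Owner is not a target here because the post
// says ownership is transferred, never assigned.
const ASSIGNABLE = new Map([
  ['owner', new Set(['admin', 'manager', 'librarian', 'agent', 'spectator'])],
  ['admin', new Set(['manager', 'librarian', 'agent', 'spectator'])],
]);

function canAssign(actorRole, targetRole) {
  const targets = ASSIGNABLE.get(actorRole);
  return targets !== undefined && targets.has(targetRole);
}

// Constructed sample data standing in for the server-side membership record.
const MEMBERS = new Map([['u1', 'owner'], ['u2', 'admin'], ['u3', 'manager']]);

// Hypothetical invite handler. The actor's role is looked up on the server
// from the authenticated user id; nothing in the request body is trusted
// to say who the caller is or what they may do.
function handleInvite(actorId, body) {
  const actorRole = MEMBERS.get(actorId);
  if (!can(actorRole, 'manage_members')) {
    return { status: 403, error: 'forbidden' };
  }
  if (!canAssign(actorRole, body.role)) {
    return { status: 403, error: 'role not assignable' };
  }
  return { status: 201, role: body.role };
}
```

The same decision has to hold when the UI is bypassed, which is why the handler checks both the permission and the target role instead of relying on what the invite dropdown offered.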

Role Badges Everywhere

Every team member now wears their role as a color-coded badge throughout the app. Owners get the midnight badge. Admins get indigo. Managers get orange. Librarians get sky blue. Agents get coral. Spectators get fuchsia.

You'll see these in Settings → Team Members, in the member list, and anywhere a team member's role matters. No guessing who can do what.

What Didn't Change

A few important things that stay the same:

  • Pricing: Still $15/seat for active roles. Spectators are free — up to 3 per team at no charge. Invite your CEO, your PM, or a new hire in training without touching your bill.
  • Existing teams: Your current Admins stay Admins. Your current Agents stay Agents. Nothing breaks, nothing resets.
  • Game features: Every role participates in XP, achievements, boss battles, and the leaderboard. Read-only access doesn't mean read-only fun.

Why This Matters

Role-based permissions aren't new. Every enterprise platform has them — usually buried behind a "Contact Sales" button and a 47-page security whitepaper.

We built ours to be simple, transparent, and included. Six roles that cover every real-world team structure we've seen. No custom role builder with 200 checkboxes. No "Enterprise tier required." No configuration anxiety.

Your team has different people with different jobs. Now cStar reflects that.

Go assign some roles. ⚔️