Two Roles Walk Into a Support Queue
cStar used to have two team roles: Agent and Admin. And honestly? For a three-person team where everyone's doing everything, that works. You're all heroes. You're all wearing every hat. It's a LAN party, not an org chart.
Then your team grows. You hire someone brilliant at writing documentation who absolutely should not have access to the "delete all customers" button. Or a stakeholder who needs to see metrics but would cause a small catastrophe if they touched a live ticket.
Two roles can't handle that. You either give people too much access (terrifying) or become the human permission proxy fielding "hey, can you do this for me?" requests all day (soul-crushing). Neither path leads anywhere good.
So we built something better.
Your Party, Assembled
Every role gets a game title. Not because we're being cute -- because "User Level 3" is lazy and your team deserves actual identity. This is cStar. We name things.
Owner -- The Guildmaster
Full access to everything. Billing. Team deletion. The nuclear codes. There's exactly one Guildmaster per team, and ownership is transferred, never assigned. Heavy is the head.
Admin -- The Commander
Everything the Guildmaster can do, minus billing. Manages members, settings, API keys, webhooks -- the operational backbone of the team. Your trusted second-in-command. Every guild needs a Commander who keeps the gears turning while the Guildmaster sleeps.
Manager -- The Captain
Team lead territory. Tickets, customers, articles, SLA settings, custom fields, exports, bulk operations, deletions -- The Captain runs the floor. What they can't touch: team settings, member management, integrations. That's Commander territory. Clear lines. No ambiguity.
Librarian -- The Lorekeeper
Your knowledge base specialist. Creates, edits, and manages articles and quick replies with full autonomy. Can view tickets and customers for context but can't modify them. This is the person who keeps your docs pristine, your quick replies sharp, your knowledge organized. They don't work the queue -- they arm the people who do.
Agent -- The Hero
The frontline. Works tickets. Manages customers. Earns XP. Levels up. Can't delete records, can't change settings, can't restructure the knowledge base. Focused entirely on what matters: helping customers and getting stronger. Plus Ultra.
Spectator -- The Watcher
Read-only access to everything. Tickets, customers, articles, analytics, the audit log -- visible but untouchable. Ideal for the CEO who wants to peek at metrics, the PM gathering insights, or the new hire still learning the ropes before they draw their sword.
The Permission Matrix
Behind those six roles: twenty-three individual permissions. Every action in cStar maps to a specific permission. Every permission maps to specific roles. No exceptions.
Some highlights:
- manage_billing -- Guildmaster only. Period. Full stop. End of discussion.
- manage_members -- Guildmaster and Commander. Nobody else invites or removes team members.
- manage_articles -- Guildmaster, Commander, Captain, and Lorekeeper. The people who should be writing docs, can.
- delete_tickets / delete_customers -- Captain and above. Heroes can't accidentally nuke records. This is a feature, not a limitation.
- game_participation -- Everyone. XP, boss battles, achievements, the leaderboard. The adventure is for the whole party, Watchers included. Read-only access doesn't mean read-only fun.
And here's the part that matters: enforcement happens at three layers. The UI hides or disables buttons. The API rejects unauthorized requests server-side. The database enforces row-level security policies. There's no "just inspect element and change the button to enabled" shortcut. We've seen that trick. It doesn't work here.
Invitations With Intention
When you invite someone new, you pick their role from a dropdown -- not a binary toggle. The invite modal shows each role's game title and a plain-English description. You know exactly what access you're granting before you click send.
The hierarchy makes sense without a flowchart: Guildmasters assign any role. Commanders assign Captain and below -- but not other Commanders (that's a Guildmaster decision). Captains and below don't assign roles at all.
Color-Coded Badges
Every team member wears their role as a color-coded badge throughout the app. Guildmasters get midnight. Commanders get indigo. Captains get orange. Lorekeepers get sky blue. Heroes get coral. Watchers get fuchsia. You'll see these in Settings, in member lists, anywhere a role matters.
No more guessing who can do what.
What Didn't Change
- Pricing. Still $15/seat for active roles. Spectators are free -- up to 3 per team at no charge. Invite your CEO, your PM, your new hire in training without touching your bill.
- Existing teams. Your Admins stay Admins. Your Agents stay Agents. Nothing breaks, nothing resets, nothing migrates without your say-so.
- The game. Every role participates in XP, achievements, boss battles, and the leaderboard. The Watcher sees the adventure unfold in real-time. The Lorekeeper earns XP for stellar articles. The whole party levels together.
Not Enterprise. Just Sensible.
Role-based permissions exist in every enterprise platform -- usually buried behind a "Contact Sales" button and a forty-seven-page security whitepaper you'll never read.
We built ours to be simple, transparent, and included. Six roles that cover every real-world team structure we've seen. No custom role builder with two hundred checkboxes. No "Enterprise tier required." No configuration anxiety.
Your team has different people with different jobs. Now cStar reflects that.
Go assign some roles. Your party awaits.
Written by Josh Lopez. He spent way too long naming these roles and regrets nothing.