Permission reference
Role-based reference for common organization, project, and page operations.
TrayPage uses separate permission checks for in-app operations and shared-page viewing.
- Management operations such as creating projects, updating settings, and managing members are decided from organization and project roles.
- In-app page operations such as opening the page workbench, uploading versions, reading/writing comments, approving versions, and managing access are decided by the role-based CRUD policy plus explicit per-page grants.
- Shared-page viewing through a share URL is decided from visibility presets, share links, domain-user settings, and link expiration.
- public_link and domain-user visibility do not allow comment APIs, revision prompts, the generic viewer-ticket API, editing, approval, or access management.
- Button visibility in the app is based on capabilities returned by the server. Final enforcement always happens server-side.
Management operations
If either the organization role or the project role says "Yes" for an operation, the user can perform that operation; a "-" cell means that role alone does not grant it. For example, organization owners and admins can manage projects and publish pages across the whole organization, while project editors can publish pages and issue API tokens only for the projects they belong to.
This section is generated from the CRUD policy in src/lib/authz/crud-policy.ts.
Organization and members
| Operation | Description | Organization owner | Organization admin | Organization member | Organization viewer | Project admin | Project editor | Project commenter | Project viewer |
|---|---|---|---|---|---|---|---|---|---|
| Open organization | Read organization basics and membership context | Yes | Yes | Yes | Yes | - | - | - | - |
| Update organization settings | Change organization name or slug | Yes | Yes | - | - | - | - | - | - |
| View audit log | Read the organization's audit log | Yes | Yes | - | - | - | - | - | - |
| View allowed email domains | Read settings for domain-user visibility | Yes | Yes | - | - | - | - | - | - |
| Update allowed email domains | Change settings for domain-user visibility | Yes | Yes | - | - | - | - | - | - |
| List members | View organization members | Yes | Yes | Yes | Yes | - | - | - | - |
| Invite members | Invite or add organization members | Yes | Yes | - | - | - | - | - | - |
| Change member role | Change an organization member's role | Yes | Yes | - | - | - | - | - | - |
| Remove members | Remove members from the organization | Yes | Yes | - | - | - | - | - | - |
Projects
| Operation | Description | Organization owner | Organization admin | Organization member | Organization viewer | Project admin | Project editor | Project commenter | Project viewer |
|---|---|---|---|---|---|---|---|---|---|
| List projects | View projects in an organization | Yes | Yes | Yes | Yes | - | - | - | - |
| Create project | Create a new project in an organization | Yes | Yes | Yes | - | - | - | - | - |
| Open project | Read project surfaces and basic settings | Yes | Yes | - | - | Yes | Yes | Yes | Yes |
| Update project settings | Change project name or default visibility | Yes | Yes | - | - | Yes | - | - | - |
| Archive project | Archive a project | Yes | Yes | - | - | Yes | - | - | - |
| Add project member | Add an organization member to a project | Yes | Yes | - | - | - | - | - | - |
Pages and tokens in a project
| Operation | Description | Organization owner | Organization admin | Organization member | Organization viewer | Project admin | Project editor | Project commenter | Project viewer |
|---|---|---|---|---|---|---|---|---|---|
| List own API tokens | View API/MCP tokens you issued for a project | Yes | Yes | - | - | Yes | Yes | - | - |
| Issue API token | Issue an API/MCP token for a project | Yes | Yes | - | - | Yes | Yes | - | - |
| List pages | View pages in a project | Yes | Yes | - | - | Yes | Yes | Yes | Yes |
| Publish page | Publish a page into a project | Yes | Yes | - | - | Yes | Yes | - | - |
| Restore archived page | Restore an archived page from the project view | Yes | Yes | - | - | Yes | - | - | - |
| Open page | Open the in-app page workbench and internal page APIs | Yes | Yes | - | - | Yes | Yes | Yes | Yes |
| Upload version | Upload a new version or change editable page metadata | Yes | Yes | - | - | Yes | Yes | - | - |
| Approve version | Approve a version and publish or pin it as shared | Yes | Yes | - | - | Yes | - | - | - |
| Manage access | Manage visibility, grants, share links, moves, and archive state | Yes | Yes | - | - | Yes | - | - | - |
| Read comments | Read review comments and revision prompts | Yes | Yes | - | - | Yes | Yes | Yes | Yes |
| Write comments | Create review comments and replies | Yes | Yes | - | - | Yes | Yes | Yes | - |
| Resolve comments | Resolve review comment threads | Yes | Yes | - | - | Yes | Yes | Yes | - |
Shared-page viewing and explicit grants
Shared-page viewing is evaluated separately from the role tables above because it depends on visibility presets, share links, domain-user settings, and link expiration. Explicit per-page grants use the following permission levels:
| Page permission | What it allows |
|---|---|
| viewer | View a page |
| commenter | View and comment on a page |
| editor | Publish a new version |
| admin | Approve versions, pin the published version, and manage access |
Users with explicit page grants can use these page permissions for in-app operations. Users who only reach a page through public_link, a share link, or domain-user visibility are limited to shared-page body viewing. Being able to view the same page through a share URL does not imply access to in-app comments, revision prompts, version operations, or access management.
See How it works for visibility presets.
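The following is an added example written for this reference, not TrayPage's own src/lib/authz/crud-policy.ts. It models both rules described on this page: the "Yes from either the organization role or the project role, or from an explicit page grant" check behind the in-app tables, and the separate share-URL check that never feeds into it. The type and function names (Principal, canPerform, capabilities, canViewShared), the visibility preset names other than public_link, and the reading that page permissions are cumulative (viewer < commenter < editor < admin) are this example's assumptions.

```typescript
// Added example for this reference, not TrayPage's own src/lib/authz/crud-policy.ts.
// Assumptions: the type/function names, the visibility preset names other than
// public_link, and cumulative page permissions (viewer < commenter < editor < admin).

type OrgRole = "owner" | "admin" | "member" | "viewer";
type ProjectRole = "admin" | "editor" | "commenter" | "viewer";
type PagePermission = "viewer" | "commenter" | "editor" | "admin";
type PageOperation =
  | "open_page" | "read_comments" | "write_comments"
  | "upload_version" | "approve_version" | "manage_access";

// One row per in-app page operation, transcribed from the
// "Pages and tokens in a project" and page-permission tables above.
interface PolicyRow {
  orgRoles: OrgRole[];               // organization roles with "Yes"
  projectRoles: ProjectRole[];       // project roles with "Yes"
  minPagePermission: PagePermission; // lowest explicit grant that suffices
}
const ALL_PROJECT: ProjectRole[] = ["admin", "editor", "commenter", "viewer"];
const PAGE_POLICY: Record<PageOperation, PolicyRow> = {
  open_page:       { orgRoles: ["owner", "admin"], projectRoles: ALL_PROJECT, minPagePermission: "viewer" },
  read_comments:   { orgRoles: ["owner", "admin"], projectRoles: ALL_PROJECT, minPagePermission: "viewer" },
  write_comments:  { orgRoles: ["owner", "admin"], projectRoles: ["admin", "editor", "commenter"], minPagePermission: "commenter" },
  upload_version:  { orgRoles: ["owner", "admin"], projectRoles: ["admin", "editor"], minPagePermission: "editor" },
  approve_version: { orgRoles: ["owner", "admin"], projectRoles: ["admin"], minPagePermission: "admin" },
  manage_access:   { orgRoles: ["owner", "admin"], projectRoles: ["admin"], minPagePermission: "admin" },
};
const PAGE_RANK: Record<PagePermission, number> = { viewer: 0, commenter: 1, editor: 2, admin: 3 };

// What the server knows about a signed-in caller for one page. Every field may be
// absent (org member without project membership, outsider holding only a grant, ...).
interface Principal {
  orgRole?: OrgRole;
  projectRole?: ProjectRole;
  pagePermission?: PagePermission; // explicit per-page grant
}

// In-app check: "Yes" from the org role, or from the project role, or a
// sufficient explicit page grant. A share URL is never an input here.
function canPerform(p: Principal, op: PageOperation): boolean {
  const row = PAGE_POLICY[op];
  if (p.orgRole !== undefined && row.orgRoles.includes(p.orgRole)) return true;
  if (p.projectRole !== undefined && row.projectRoles.includes(p.projectRole)) return true;
  return p.pagePermission !== undefined &&
    PAGE_RANK[p.pagePermission] >= PAGE_RANK[row.minPagePermission];
}

// Capability list returned to the client so it can decide which buttons to
// show; every API handler still calls canPerform itself.
function capabilities(p: Principal): PageOperation[] {
  return (Object.keys(PAGE_POLICY) as PageOperation[]).filter((op) => canPerform(p, op));
}

// Shared-page viewing: a separate decision with separate inputs.
type Visibility = "private" | "domain_users" | "public_link"; // names assumed
interface SharedPageSettings {
  visibility: Visibility;
  allowedEmailDomains: string[];                       // org's allowed email domains
  shareLinks: { token: string; expiresAt: number }[];  // expiresAt in epoch ms
}
interface ShareRequest {
  token?: string;       // taken from the share URL, if present
  viewerEmail?: string; // verified email of a signed-in viewer, if present
  now: number;          // epoch ms
}
function canViewShared(page: SharedPageSettings, req: ShareRequest): boolean {
  if (page.visibility === "public_link") return true;
  if (req.token !== undefined) {
    const link = page.shareLinks.find((l) => l.token === req.token);
    if (link !== undefined && link.expiresAt > req.now) return true; // expired links fail closed
  }
  if (page.visibility === "domain_users" && req.viewerEmail !== undefined) {
    const domain = req.viewerEmail.slice(req.viewerEmail.lastIndexOf("@") + 1).toLowerCase();
    return page.allowedEmailDomains.some((d) => d.toLowerCase() === domain);
  }
  return false;
}

// Constructed scenario: an outside reviewer reaches a private page through a
// share link. The shared body renders, but no in-app operation is allowed
// because nothing in the role/grant policy backs the caller.
function scenario() {
  const page: SharedPageSettings = {
    visibility: "private",
    allowedEmailDomains: ["example.com"],
    shareLinks: [{ token: "ln_8f2c", expiresAt: 2_000_000 }],
  };
  const outsider: Principal = {}; // signed in, no role, no grant
  return {
    viaLink: canViewShared(page, { token: "ln_8f2c", now: 1_000_000 }),
    expiredLink: canViewShared(page, { token: "ln_8f2c", now: 3_000_000 }),
    domainUser: canViewShared({ ...page, visibility: "domain_users" }, { viewerEmail: "ana@example.com", now: 1_000_000 }),
    otherDomain: canViewShared({ ...page, visibility: "domain_users" }, { viewerEmail: "ana@other.org", now: 1_000_000 }),
    outsiderReadsComments: canPerform(outsider, "read_comments"),
    outsiderButtons: capabilities(outsider),
  };
}
```

The point to keep in mind when reading it: canViewShared and canPerform share no inputs, so a valid share token or an allowed email domain can never satisfy a comment, version, or access-management handler, and the capability list is only a hint for rendering buttons. The viewerEmail field stands for an identity the server has already verified; a self-asserted email would defeat the domain check.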