Roles capability matrix
Ronja has five roles. Lower in this list means fewer permissions. For the concepts behind the matrix, see Roles and permissions; to assign roles, see Manage users and roles.
The five roles
Section titled “The five roles”| Role | In one line |
|---|---|
| Super Admin | The org owner. Assigned automatically to whoever creates the organization — has every permission, including promoting other members to Admin. |
| Admin | Runs the workspace. Manages people, settings, and data. |
| Data Admin | Owns the data layer. Connects sources and schedules jobs. |
| User | Everyday use. Explores data and asks Ronja. |
| User Read-Only | View-only access — perfect for stakeholders. |
New invitees start as User Read-Only until an admin upgrades them. A member with no role at all fails every permission check.
Capability matrix
Section titled “Capability matrix”✓ = allowed · ◐ = allowed with conditions (see footnote) · — = not allowed
| Capability | Super Admin | Admin | Data Admin | User | User Read-Only |
|---|---|---|---|---|---|
| View shared tables, data apps & knowledge | ✓ | ✓ | ✓ | ✓ | ✓ |
| Run analyses & ask Ronja in explorations | ✓ | ✓ | ✓ | ✓ | — |
| Create notes & knowledge (through chat) | ✓ | ✓ | ✓ | ✓ | — |
| Upload files (CSV, Excel, …) | ✓ | ✓ | ✓ | ✓ ¹ | — |
| Create features | ✓ | ✓ | ✓ | ✓ ² | — |
| Build & edit tables | ✓ | ✓ | ✓ | ◐ ³ | — |
| Connect & manage data sources | ✓ | ✓ | ✓ | — | — |
| Schedule automations in shared features | ✓ | ✓ | ✓ | — ⁴ | — |
| Read workspace-shared skills, secrets, workflows & data apps | ✓ | ✓ | ✓ | ✓ | ✓ ⁵ |
| Create & edit workspace-shared skills, secrets, workflows & data apps | ✓ | ✓ | ✓ | ◐ ⁶ | — |
| Request promotions & propose new shared resources | ✓ | ✓ | ✓ | ✓ ⁷ | — |
| Connect personal MCP servers | ✓ | ✓ | ✓ | ✓ | — |
| Choose the AI model & reasoning effort per chat | ◐ ⁸ | ◐ ⁸ | ◐ ⁸ | ◐ ⁸ | — |
| Approve promotions & note / workflow / Saved-Agent proposals; commit drafts | ✓ | ✓ | ✓ ⁹ | — | — |
| Approve data app proposals | ✓ | ✓ | — ¹⁰ | — | — |
| View the member directory | ✓ | ✓ | ✓ | ✓ | ✓ |
| Invite members & assign roles | ✓ | ✓ ¹¹ | — | — | — |
| Manage organization & workspace settings | ✓ | ✓ | — | — | — |
| View every member’s explorations | ✓ | ✓ ¹² | — | — | — |
| Delete & restore workspaces (30-day trash) | ✓ | ✓ | — | — | — |
| Delete & restore features (30-day trash) | ✓ | ✓ | ✓ | — | — |
| Delete & restore tables (30-day trash) | ✓ | ✓ | ✓ | — | — |
| Permanently purge trashed items before the 30 days | ✓ | ✓ | — | — | — |
| Manage workspaces, features & tables through chat (admin tools) | ✓ | ✓ ¹³ | — | — | — |
| Promote members to Admin or Super Admin | ✓ | — | — | — | — |
| Buy credits | ✓ ¹⁴ | — | — | — | — |
| Delete the organization | ✓ ¹⁵ | — | — | — | — |
| Register a login domain (auto-join) | ✓ ¹⁶ | — | — | — | — |
Footnotes
Section titled “Footnotes”- Any member except User Read-Only can upload files in a conversation. Managing the files inside a workspace- or organization-scoped feature additionally requires Data Admin or membership in an admin workspace.
- New features are private to their creator until promoted to a workspace or the organization.
- Users can propose edits to shared tables as drafts; a Data Admin reviews and commits them. Building or editing tables directly requires Data Admin. See Versions, drafts, and approvals.
- Any member can create automations in their own private features. Automations in workspace- or organization-scoped features require Data Admin (or workspace admin for workspace features).
- Read access to shared resources is decided by workspace membership, not role — a User Read-Only member of a workspace can view that workspace’s shared resources. Private resources are visible only to their creator.
- Users can create or edit workspace-shared resources only inside a workspace whose members have been granted admin rights; Data Admins always can.
- Any member with read access to a shared feature can propose a brand-new shared note, workflow, data app, or Saved Agent there; an approver reviews it before it goes live.
- The per-chat model + effort picker is an admin-granted capability (Control Center → Models & effort). Super Admins always hold the capability (User Read-Only never does), but the picker only appears when the organization’s credit wallet has been funded and no spend downshift is active — for everyone, Super Admins included. See Govern AI spend.
- For workspace-scoped features, a workspace admin can also approve note and workflow proposals and drafts. Deleting a shared MCP server requires the full Admin role.
- Data app proposals and shared data-app drafts require the full Admin role — a Data Admin can propose one but cannot approve it.
- Admins can only assign roles below their own level — an Admin cannot make someone Admin or Super Admin. You also cannot demote yourself if you are the only member at your level or higher.
- Admins can open any member’s exploration — including private ones — for support and governance. Everyone else sees only explorations shared with them.
- Each destructive admin action requested through chat still requires explicit human approval in the conversation.
- From the Billing page. Purchases are added to your next invoice — no card is charged. See Credits and AI spend.
- Only from a logged-in browser session (never via API token). The organization shuts down immediately for every member; data is permanently deleted after a 7-day cooling-off window — contact Ronja support to restore it before then.
- Only the domain of your own login email can be registered, verified via a magic link. Anyone who then logs in with a matching email joins at the chosen default role.
- Role changes can take a minute or two to apply to a member’s active session.
- Some capability differences you see in the product’s built-in Role guide have been corrected here against the actual backend behavior — where the two disagree, this page is authoritative.