User Roles
Overview
Alloy uses organization membership roles for customer workspaces, plus a separate internal developer access flag for Alloy's internal team.
Customer workspace roles
Customer users have one organization role in each workspace:
- `member` — regular workspace access.
- `admin` — elevated workspace access for organization management tasks.
- `owner` — highest workspace role, used for ownership-level actions such as changing human user roles.
Most customer-facing permission checks are based on the user's current organization membership. When a surface is described as org-admin gated, both `admin` and `owner` users should be treated as passing that gate unless the surface explicitly requires owner-only access.
Internal developer access
`developer` is not a customer role and is not to be granted to customer users.
Developer access is an internal Alloy platform flag used by Alloy's own team for support, operations, and system administration surfaces. Developer-gated pages may expose tools that are not part of normal customer workspace administration.
Treat developer access as an Alloy-operator capability, not as part of the customer role hierarchy.
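The gates described above can be sketched as follows. This is an added example, not Alloy's own code: `Gate`, `User`, `is_developer`, `passes_gate` and `grant_role` are hypothetical names, and it assumes the developer flag never satisfies a customer gate and that unknown role strings fail closed.

```python
from dataclasses import dataclass, field
from enum import Enum


class Gate(Enum):
    MEMBER = "member"        # any workspace member
    ORG_ADMIN = "org_admin"  # admin or owner
    OWNER_ONLY = "owner"     # owner only
    DEVELOPER = "developer"  # internal platform flag, not a role


# Customer role hierarchy from the page; "developer" is deliberately absent.
ROLE_RANK = {"member": 1, "admin": 2, "owner": 3}
GATE_MIN_RANK = {Gate.MEMBER: 1, Gate.ORG_ADMIN: 2, Gate.OWNER_ONLY: 3}


@dataclass
class User:
    user_id: str
    # workspace id -> role; one role per workspace (assumed storage shape)
    memberships: dict = field(default_factory=dict)
    is_developer: bool = False  # assumed name for the internal flag


def passes_gate(user: User, workspace_id: str, gate: Gate) -> bool:
    """Evaluate a gate against the user's membership in *this* workspace."""
    if gate is Gate.DEVELOPER:
        # Checked on the platform flag alone; no workspace role implies it.
        return user.is_developer is True
    role = user.memberships.get(workspace_id)
    # Unknown, missing, or "developer" role strings rank 0 and fail closed.
    return ROLE_RANK.get(role, 0) >= GATE_MIN_RANK[gate]


def grant_role(actor: User, target: User, workspace_id: str, role: str) -> None:
    """Change a human user's role: an ownership-level action per the page."""
    if role not in ROLE_RANK:
        raise ValueError(f"not a customer role: {role!r}")
    if not passes_gate(actor, workspace_id, Gate.OWNER_ONLY):
        raise PermissionError("changing user roles requires owner")
    target.memberships[workspace_id] = role
```

Because the role is looked up per workspace, an owner of one workspace gets no elevated access in another where they are only a `member`.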
Related permission layers
User roles are only one part of Alloy permissions. AI teammate access is controlled separately through storage folder sharing, enabled tools, enabled MCP servers, and so on.