Docs
/
Contact supportLog inGet started
What is Knock?
Example apps
Authentication methods
SAML SSO
Directory sync (SCIM)
Managing members
Roles and permissions
Audit logs
Data obfuscation
Account timezone
Data retention
Custom domains
Get startedLog inContact support
Platform
Integrations
In-app UI
API reference
CLI reference
Management API
Developer tools
Tutorials
Platform
Manage your account
Roles and permissions

Roles and permissions

Learn about roles and permissions in Knock.

Learn more about the roles available to members of your Knock account.

Overview

#

Knock uses an account-level roles model, where a given account member's role determines what they'll be able to do in your account.

You set an account member's role when you invite them to the Knock dashboard. You can update their role on the Members page under the Admin section of your account settings. Learn more in our managing members documentation.

Here's an overview of the roles available to Knock account members:

  • Owner. For your primary admin who manages billing. This role can invite and manage members, manage billing, and do anything available in the admin role. Your account must always have at least one account owner.
  • Admin. For admins who need to manage account-level settings. This role can invite and manage members (excluding owner and billing roles), manage account branding, manage environments, and manage advanced developer concepts such as signing keys, enhanced security mode, variables, and webhooks. This role has all permissions available to the member role.
  • Member. For users who are editing notification workflows and templates in Knock. This role can manage workflows, layouts, users, objects, and tenants. It can make commits and push changes to subsequent environments, and has full access to message and API logs for debugging.
  • Production Member. Available when production write access is enabled in your account settings. For team members who should only work in production (such as lifecycle marketers managing in-app announcements). This role has the same permissions as the member role, but only has access to the production environment. Learn more about production write access .
  • Support. For users who shouldn't have access to workflows and templates, but should be able to dig into message and API logs for debugging purposes.
  • Billing. For account members who shouldn't have access to anything in Knock but billing.

For a complete overview of which permissions are available to which roles, see our lookup table below.

Roles and permissions lookup table

#
Owner
Admin
Member
Prod Member
Support
Billing
Admin
Manage billing
Create and manage environments
View account audit logs
Invite and manage account members
Manage account branding
Core
Create and manage workflows/templates
Create and manage email layouts
Commit and push changes
Manage users/objects/tenants
View users/objects/tenants
Manage per-tenant branding
View environment logs (API, messages)
Developer
View API keys
Create API keys
Revoke API keys
Manage variables
Manage signing keys
Manage webhooks