Skip to main content

Organization roles

Organization roles contain permission scopes that control access to organization-wide settings in Retool, such as managing billing, configuring SSO, editing the query library, or viewing audit logs. Assigning an organization role to a group gives every member of that group the ability to access or modify those settings without requiring full admin access.

Organization roles are available on the Business and Enterprise plans.

Available scopes

The permission scopes available to an organization role depend on your plan:

  • Business: Scopes for non-sensitive settings: query library access, draft app management, theme editing, Assist access, user visibility, and account details.
  • Enterprise: All Business scopes, plus admin granularity: an expanded set of scopes for sensitive administrative settings like SSO, billing, IAM credentials, audit logs, Spaces, and source control.

For the full list of scopes organized by category, see the Admin permissions reference.

Default organization roles

Retool automatically creates a default organization role for each built-in group:

GroupDefault organization role
AdminsAll organization permission scopes
EditorsQuery library (edit), view users, manage account details, unpublished releases, drafts
ViewersQuery library (view), view users, manage account details

Default roles cannot be edited or deleted.

Next steps