Skip to main content

Admin permissions reference

Reference of organization-level permissions available in Retool.

Role-based Access Controls Availability
CloudGenerally Available
Self-hosted Edge 3.300 or laterGenerally Available
Self-hosted Stable Expected in Q1 2026.

RBAC provides access to certain permission scopes for customers on the Business plan, and Admin granularity provides access to all organization-level permissions for customers on the Enterprise plan, which are organized into categories on the Settings > Roles & Permissions page.

Some permissions automatically include other permissions. When you select a parent permission, all child permissions are included:

  • Edit queries includes View queries.
  • Use Assist with Build and Ask mode includes Use Assist with Ask mode only.

The UI automatically handles these dependencies when you configure roles.

User management

Delegate user and authentication administration:

Permission nameDescriptionBusinessEnterprise
Manage single sign-on (SSO)Configure single sign-on integrations.
Manage user attributesDefine and manage custom user attributes.
View account detailsView and manage account details.
View users page with emailsView the users page with user emails.
Example

Create an Identity Manager role for your IT team to manage SSO and user provisioning without full admin access.

Query library

Control access to shared queries:

Permission nameDescriptionBusinessEnterprise
Edit queriesCreate, edit, and delete queries in the library.
View queriesView and use queries from the library.
Example

Create a Query Developer role for database experts to manage shared query templates.

Organization configuration

Delegate core organization setting administration:

Permission nameDescriptionBusinessEnterprise
Manage SpacesConfigure and manage Spaces.
Manage internationalizationConfigure language and localization settings.
Manage Retool APIManage API access tokens and settings.
Manage source controlConfigure Git integrations.
Manage usage analyticsView and configure analytics.
Manage billingView and manage billing settings.
View audit logsAccess audit log data.
Example

Create a Finance Admin role that grants access to billing and usage analytics only, allowing your finance team to monitor costs without accessing other settings.

Customization

Control branding and customization settings:

Permission nameDescriptionBusinessEnterprise
Manage brandingConfigure organization branding and styling.
Manage themesCreate and edit custom themes.
Manage Retool EventsConfigure and manage Retool Events.
Manage Retool ExternalConfigure external user access and APIs.
Manage custom components librariesManage custom component libraries.
Example

Create a Design Manager role for your design team to manage branding and themes.

Configuration

Delegate technical configuration settings:

Permission nameDescriptionBusinessEnterprise
Allow access to unpublished releasesGrant access to edge/unpublished releases.
Manage environmentsConfigure resource environments.
Manage configuration variablesManage config variables.
Manage Retool AIConfigure AI features and settings.
Manage IAM credentialsManage secrets and IAM integrations.
Manage observabilityConfigure monitoring and observability.
Example

Create a DevOps Manager role that grants access to environments, config variables, and IAM credentials for your operations team.

Additional settings

Control access to specialized settings:

Permission nameDescriptionBusinessEnterprise
Manage advanced settingsAccess advanced organization settings.
Manage mobile settingsConfigure mobile app settings.
Manage beta settingsAccess and configure beta features.
Manage draft appsControl draft app access and settings.

Assist

Control access to Assist features:

Permission nameDescriptionBusinessEnterprise
Use Assist with Build and Ask modeFull write access to Assist features.
Use Assist with Ask mode onlyRead-only access to Assist features.
Example

Create a Assist Editor role to allow specific teams to configure AI assistance for their users.