Admin permissions reference
Reference of organization-level permissions available in Retool.
| Role-based Access Controls Availability | |||
|---|---|---|---|
| Cloud | Generally Available | ||
| Self-hosted Edge 3.300 or later | Generally Available | ||
| Self-hosted Stable Expected in Q1 2026. | |||
RBAC provides access to certain permission scopes for customers on the Business plan, and Admin granularity provides access to all organization-level permissions for customers on the Enterprise plan, which are organized into categories on the Settings > Roles & Permissions page.
Some permissions automatically include other permissions. When you select a parent permission, all child permissions are included:
- Edit queries includes View queries.
- Use Assist with Build and Ask mode includes Use Assist with Ask mode only.
- Manage billing includes Manage user seats.
The UI automatically handles these dependencies when you configure roles.
User management
Delegate user and authentication administration:
| Permission name | Description | Business | Enterprise |
|---|---|---|---|
| Manage single sign-on (SSO) | Configure single sign-on integrations. | ||
| Manage user attributes | Define and manage custom user attributes. | ||
| View account details | View and manage account details. | ||
| View users page with emails | View the users page with user emails. |
Example
Create an Identity Manager role for your IT team to manage SSO and user provisioning without full admin access.
Query library
Control access to shared queries:
| Permission name | Description | Business | Enterprise |
|---|---|---|---|
| Edit queries | Create, edit, and delete queries in the library. | ||
| View queries | View and use queries from the library. |
Example
Create a Query Developer role for database experts to manage shared query templates.
Organization configuration
Delegate core organization setting administration:
| Permission name | Description | Business | Enterprise |
|---|---|---|---|
| Manage Spaces | Configure and manage Spaces. | ||
| Manage internationalization | Configure language and localization settings. | ||
| Manage Retool API | Manage API access tokens and settings. | ||
| Manage source control | Configure Git integrations. | ||
| Manage usage analytics | View and configure analytics. | ||
| Manage billing | View and manage billing settings. | ||
| Manage user seats | Assign and modify user seat types (builder, internal, or external). | ||
| View audit logs | Access audit log data. |
Example
Create a Finance Admin role that grants access to billing and usage analytics only, allowing your finance team to monitor costs without accessing other settings.
Customization
Control branding and customization settings:
| Permission name | Description | Business | Enterprise |
|---|---|---|---|
| Manage branding | Configure organization branding and styling. | ||
| Manage themes | Create and edit custom themes. | ||
| Manage Retool Events | Configure and manage Retool Events. | ||
| Manage Retool External | Configure external user access and APIs. | ||
| Manage custom components libraries | Manage custom component libraries. |
Example
Create a Design Manager role for your design team to manage branding and themes.
Configuration
Delegate technical configuration settings:
| Permission name | Description | Business | Enterprise |
|---|---|---|---|
| Allow access to unpublished releases | Grant access to edge/unpublished releases. | ||
| Manage environments | Configure resource environments. | ||
| Manage configuration variables | Manage config variables. | ||
| Manage Retool AI | Configure AI features and settings. | ||
| Manage IAM credentials | Manage secrets and IAM integrations. | ||
| Manage observability | Configure monitoring and observability. |
Example
Create a DevOps Manager role that grants access to environments, config variables, and IAM credentials for your operations team.
Additional settings
Control access to specialized settings:
| Permission name | Description | Business | Enterprise |
|---|---|---|---|
| Manage advanced settings | Access advanced organization settings. | ||
| Manage mobile settings | Configure mobile app settings. | ||
| Manage beta settings | Access and configure beta features. | ||
| Manage draft apps | Control draft app access and settings. |
Assist
Control access to Assist features:
| Permission name | Description | Business | Enterprise |
|---|---|---|---|
| Use Assist with Build and Ask mode | Full write access to Assist features. | ||
| Use Assist with Ask mode only | Read-only access to Assist features. |
Example
Create a Assist Editor role to allow specific teams to configure AI assistance for their users.