Admin permissions reference
Reference of organization-level permissions available in Retool.
| Role-based Access Controls Availability | |||
|---|---|---|---|
| Cloud | Generally Available | ||
| Self-hosted Edge 3.300 or later | Generally Available | ||
| Self-hosted Stable Expected in Q1 2026. | |||
RBAC provides access to certain permission scopes for customers on the Business plan, and Admin granularity provides access to all organization-level permissions for customers on the Enterprise plan, which are organized into categories on the Settings > Roles & Permissions page.
Some permissions automatically include other permissions. When you select a parent permission, all child permissions are included:
- Edit queries includes View queries.
- Use Assist with Build and Ask mode includes Use Assist with Ask mode only.
The UI automatically handles these dependencies when you configure roles.
User management
Delegate user and authentication administration:
| Permission name | Description | Business | Enterprise |
|---|---|---|---|
| Manage single sign-on (SSO) | Configure single sign-on integrations. | ||
| Manage user attributes | Define and manage custom user attributes. | ||
| View account details | View and manage account details. | ||
| View users page with emails | View the users page with user emails. |
Example
Create an Identity Manager role for your IT team to manage SSO and user provisioning without full admin access.
Query library
Control access to shared queries:
| Permission name | Description | Business | Enterprise |
|---|---|---|---|
| Edit queries | Create, edit, and delete queries in the library. | ||
| View queries | View and use queries from the library. |
Example
Create a Query Developer role for database experts to manage shared query templates.
Organization configuration
Delegate core organization setting administration:
| Permission name | Description | Business | Enterprise |
|---|---|---|---|
| Manage Spaces | Configure and manage Spaces. | ||
| Manage internationalization | Configure language and localization settings. | ||
| Manage Retool API | Manage API access tokens and settings. | ||
| Manage source control | Configure Git integrations. | ||
| Manage usage analytics | View and configure analytics. | ||
| Manage billing | View and manage billing settings. | ||
| View audit logs | Access audit log data. |
Example
Create a Finance Admin role that grants access to billing and usage analytics only, allowing your finance team to monitor costs without accessing other settings.
Customization
Control branding and customization settings:
| Permission name | Description | Business | Enterprise |
|---|---|---|---|
| Manage branding | Configure organization branding and styling. | ||
| Manage themes | Create and edit custom themes. | ||
| Manage Retool Events | Configure and manage Retool Events. | ||
| Manage Retool External | Configure external user access and APIs. | ||
| Manage custom components libraries | Manage custom component libraries. |
Example
Create a Design Manager role for your design team to manage branding and themes.
Configuration
Delegate technical configuration settings:
| Permission name | Description | Business | Enterprise |
|---|---|---|---|
| Allow access to unpublished releases | Grant access to edge/unpublished releases. | ||
| Manage environments | Configure resource environments. | ||
| Manage configuration variables | Manage config variables. | ||
| Manage Retool AI | Configure AI features and settings. | ||
| Manage IAM credentials | Manage secrets and IAM integrations. | ||
| Manage observability | Configure monitoring and observability. |
Example
Create a DevOps Manager role that grants access to environments, config variables, and IAM credentials for your operations team.
Additional settings
Control access to specialized settings:
| Permission name | Description | Business | Enterprise |
|---|---|---|---|
| Manage advanced settings | Access advanced organization settings. | ||
| Manage mobile settings | Configure mobile app settings. | ||
| Manage beta settings | Access and configure beta features. | ||
| Manage draft apps | Control draft app access and settings. |
Assist
Control access to Assist features:
| Permission name | Description | Business | Enterprise |
|---|---|---|---|
| Use Assist with Build and Ask mode | Full write access to Assist features. | ||
| Use Assist with Ask mode only | Read-only access to Assist features. |
Example
Create a Assist Editor role to allow specific teams to configure AI assistance for their users.