Skip to Content
Account ManagementRoles and Permissions

Roles and Permissions

Vendo uses roles to control what team members can do in your account. Each person on your team has exactly one role, which determines their level of access.

Open Settings > Members to view and manage team members and their roles.


Roles

Vendo currently supports two roles:

RoleDescription
OwnerFull access to everything. Can delete resources and manage team settings.
MemberCan read, create, update, and run most things. Cannot delete resources.

When you invite someone to your account, they join as a Member by default.


What each role can do

Owner

Owners have unrestricted access. They can:

  • Read, create, update, and delete all resources (sources, destinations, models, etc.)
  • Invite and remove team members
  • Change team member roles
  • Manage billing and API keys
  • Cancel and manage pipeline jobs

Use the Owner role for account administrators and team leads who need full control.

Member

Members can do most day-to-day work but cannot perform destructive actions. They can:

  • View all data, sources, destinations, and reports
  • Create and update sources, destinations, and integrations
  • Run models, pipelines, and export jobs
  • Create and manage tasks
  • Query the data warehouse
  • Upload documents

Members cannot:

  • Delete sources, destinations, integrations, or models
  • Remove team members or change roles
  • Manage billing settings
  • Create or manage API keys

Use the Member role for team members who need to work with data but should not have delete access.


Permission reference

The table below shows what each role can do across different areas of Vendo.

AreaOwnerMember
Account settingsView and editView only
Team membersFull controlView only
BillingFull controlNo access
SourcesRead, write, delete, manageRead, write, manage
AppsRead, write, delete, manageRead, write, manage
IntegrationsRead, write, delete, manageRead, write, manage
ModelsRead, write, delete, runRead, write, run
Pipeline jobsRead, manage, cancelRead, manage, cancel
DestinationsRead, write, delete, manageRead, write, manage
WorkflowsRead, writeRead, write
TasksRead, write, manageRead, write, manage
MetricsRead, write, deleteRead, write
ReportsRead, writeRead, write
Data warehouseRead, queryRead, query
Data dictionaryReadRead
DocumentsRead, writeRead, write
Measurement & recommendationsRead, manageRead, manage
UsageReadRead
API keysRead, write, adminNo access

You can inspect the live role-to-permission matrix for your account under Labs > Permissions — a read-only viewer that shows exactly which permissions each role holds.


Managing team members

Invite someone

  1. Go to Settings > Members.
  2. Click Invite Member.
  3. Enter their email address.
  4. They will receive an invitation email to join your account.

New members join with the Member role by default.

Change someone’s role

  1. Go to Settings > Members.
  2. Find the team member in the list.
  3. Click the role dropdown next to their name.
  4. Select the new role.

Only Owners can change roles.

Remove someone

  1. Go to Settings > Members.
  2. Find the team member in the list.
  3. Click Remove.

Only Owners can remove team members.


Frequently Asked Questions

Why can’t I delete this source?

You are likely a Member. Members cannot delete sources, destinations, integrations, or models. Ask an Owner on your team to delete it, or ask them to change your role to Owner.

How do I change someone’s role?

Go to Settings > Members, find the person, and use the role dropdown to change their role. Only Owners can change roles.

What happens when I invite someone?

They receive an email invitation to join your account. Once they accept, they are added as a Member by default. An Owner can change their role afterward if needed.

Can I create custom roles?

Not currently. Vendo supports Owner and Member roles. If you need more granular permissions, contact support@vendodata.com to share your requirements.

Do API keys inherit permissions?

Yes. API keys inherit the permissions of the user who created them. If a Member creates an API key, that key has Member-level access (cannot delete resources).


Last updated on