Roles and Permissions
Vendo uses roles to control what team members can do in your account. Each person on your team has exactly one role, which determines their level of access.
Open Settings > Members to view and manage team members and their roles.
Roles
Vendo currently supports two roles:
| Role | Description |
|---|---|
| Owner | Full access to everything. Can delete resources and manage team settings. |
| Member | Can read, create, update, and run most things. Cannot delete resources. |
When you invite someone to your account, they join as a Member by default.
What each role can do
Owner
Owners have unrestricted access. They can:
- Read, create, update, and delete all resources (sources, destinations, models, etc.)
- Invite and remove team members
- Change team member roles
- Manage billing and API keys
- Cancel and manage pipeline jobs
Use the Owner role for account administrators and team leads who need full control.
Member
Members can do most day-to-day work but cannot perform destructive actions. They can:
- View all data, sources, destinations, and reports
- Create and update sources, destinations, and integrations
- Run models, pipelines, and export jobs
- Create and manage tasks
- Query the data warehouse
- Upload documents
Members cannot:
- Delete sources, destinations, integrations, or models
- Remove team members or change roles
- Manage billing settings
- Create or manage API keys
Use the Member role for team members who need to work with data but should not have delete access.
Permission reference
The table below shows what each role can do across different areas of Vendo.
| Area | Owner | Member |
|---|---|---|
| Account settings | View and edit | View only |
| Team members | Full control | View only |
| Billing | Full control | No access |
| Sources | Read, write, delete, manage | Read, write, manage |
| Apps | Read, write, delete, manage | Read, write, manage |
| Integrations | Read, write, delete, manage | Read, write, manage |
| Models | Read, write, delete, run | Read, write, run |
| Pipeline jobs | Read, manage, cancel | Read, manage, cancel |
| Destinations | Read, write, delete, manage | Read, write, manage |
| Workflows | Read, write | Read, write |
| Tasks | Read, write, manage | Read, write, manage |
| Metrics | Read, write, delete | Read, write |
| Reports | Read, write | Read, write |
| Data warehouse | Read, query | Read, query |
| Data dictionary | Read | Read |
| Documents | Read, write | Read, write |
| Measurement & recommendations | Read, manage | Read, manage |
| Usage | Read | Read |
| API keys | Read, write, admin | No access |
You can inspect the live role-to-permission matrix for your account under Labs > Permissions — a read-only viewer that shows exactly which permissions each role holds.
Managing team members
Invite someone
- Go to Settings > Members.
- Click Invite Member.
- Enter their email address.
- They will receive an invitation email to join your account.
New members join with the Member role by default.
Change someone’s role
- Go to Settings > Members.
- Find the team member in the list.
- Click the role dropdown next to their name.
- Select the new role.
Only Owners can change roles.
Remove someone
- Go to Settings > Members.
- Find the team member in the list.
- Click Remove.
Only Owners can remove team members.
Frequently Asked Questions
Why can’t I delete this source?
You are likely a Member. Members cannot delete sources, destinations, integrations, or models. Ask an Owner on your team to delete it, or ask them to change your role to Owner.
How do I change someone’s role?
Go to Settings > Members, find the person, and use the role dropdown to change their role. Only Owners can change roles.
What happens when I invite someone?
They receive an email invitation to join your account. Once they accept, they are added as a Member by default. An Owner can change their role afterward if needed.
Can I create custom roles?
Not currently. Vendo supports Owner and Member roles. If you need more granular permissions, contact support@vendodata.com to share your requirements.
Do API keys inherit permissions?
Yes. API keys inherit the permissions of the user who created them. If a Member creates an API key, that key has Member-level access (cannot delete resources).
Related
- Credits and Billing — manage your plan and usage
- CLI — authenticate and use Vendo from the command line
- MCP Server — programmatic access to Vendo