InPolicy has four roles. A user holds exactly one at a time. This page is the reference matrix — every action, cross-referenced against every role.
If you’re looking for prose descriptions of each role, see Users and roles.
| Role | Short description |
|---|
| Admin | Full platform control: users, SSO, analytics |
| Policy Lead | Owns policy approval; publishes policies |
| Policy Editor | Authors drafts within assigned areas |
| User | Read-only; sees published policies |
| Action | Admin | Policy Lead | Policy Editor | User |
|---|
| View published policies | ✓ | ✓ | ✓ | ✓ |
| View policy history | ✓ | ✓ | ✓ | ✓ |
| View policy rationale | ✓ | ✓ | ✓ | — |
| View draft policies | ✓ | ✓ | ✓ | — |
| Create a draft policy | ✓ | ✓ | ✓ | — |
| Edit any policy | ✓ | ✓ | ✓ | — |
| Publish / unpublish a policy | ✓ | ✓ | — | — |
| Delete a policy | ✓ | ✓ | ✓ | — |
| Restore a previous revision | ✓ | ✓ | ✓ | — |
| Use the Policy Inbox (AI imports) | ✓ | ✓ | ✓ | — |
| Accept / dismiss Inbox suggestions | ✓ | ✓ | ✓ | — |
| Use the violation detection sidebar | ✓ | ✓ | ✓ | — |
| Action | Admin | Policy Lead | Policy Editor | User |
|---|
| View comments | ✓ | ✓ | ✓ | ✓ |
| Post a comment | ✓ | ✓ | ✓ | — |
| Reply to a comment | ✓ | ✓ | ✓ | — |
| Mention another user | ✓ | ✓ | ✓ | — |
| Resolve own comments | ✓ | ✓ | ✓ | — |
| Resolve others’ comments | ✓ | ✓ | — | — |
| Action | Admin | Policy Lead | Policy Editor | User |
|---|
| Create a Division | ✓ | — | — | — |
| Create a Policy Area | ✓ | ✓ | — | — |
| Edit a Policy Area | ✓ | ✓ | — | — |
| Delete a Policy Area | ✓ | ✓ | — | — |
| Reassign a policy to a different Area | ✓ | ✓ | ✓ | — |
| Action | Admin | Policy Lead | Policy Editor | User |
|---|
| See the Users page | ✓ | — | — | — |
| Invite users by email | ✓ | — | — | — |
| Change another user’s role | ✓ | — | — | — |
| Deactivate or delete a user | ✓ | — | — | — |
| See pending invitations | ✓ | — | — | — |
| Manage own profile (name, avatar) | ✓ | ✓ | ✓ | ✓ |
| Action | Admin | Policy Lead | Policy Editor | User |
|---|
| Connect a Google Workspace directory | ✓ | — | — | — |
| Connect a Microsoft Entra directory | ✓ | — | — | — |
| Run a directory import | ✓ | — | — | — |
| Disconnect a directory | ✓ | — | — | — |
| Action | Admin | Policy Lead | Policy Editor | User |
|---|
| View the Analytics dashboard | ✓ | — | — | — |
| Export analytics as CSV | ✓ | — | — | — |
| Action | Admin | Policy Lead | Policy Editor | User |
|---|
| Sign in to the browser extension | ✓ | ✓ | ✓ | ✓ |
| Sign in to the Mac app | ✓ | ✓ | ✓ | ✓ |
| Disable the extension for a site (for yourself) | ✓ | ✓ | ✓ | ✓ |
| Pause the Mac app | ✓ | ✓ | ✓ | ✓ |
| Manage tenant-wide disabled sites | ✓ | — | — | — |
The roles above are built from granular permissions. An individual role is a bundle of permissions; you don’t assign permissions directly. This table is for anyone curious about the internals.
| Permission | Admin | Policy Lead | Policy Editor | User |
|---|
VIEW_POLICIES | ✓ | ✓ | ✓ | ✓ |
VIEW_POLICY_HISTORY | ✓ | ✓ | ✓ | ✓ |
VIEW_POLICY_RATIONALE | ✓ | ✓ | ✓ | — |
CREATE_POLICIES | ✓ | ✓ | ✓ | — |
EDIT_POLICIES | ✓ | ✓ | ✓ | — |
APPROVE_POLICIES | ✓ | ✓ | — | — |
DELETE_POLICIES | ✓ | ✓ | ✓ | — |
MANAGE_DIVISIONS | ✓ | ✓ | — | — |
MANAGE_POLICY_AREAS | ✓ | ✓ | ✓ | — |
MANAGE_USERS | ✓ | — | — | — |
VIEW_ANALYTICS | ✓ | — | — | — |
VIEW_AUDIT_LOGS | ✓ | — | — | — |
These are commonly-requested permissions that are not yet implemented. If one of them is a blocker for your rollout, contact support:
- Per-Division or per-Policy-Area role scoping. Current: roles are tenant-wide. Future: Policy Editors assigned only to specific Areas.
- “Suggest mode” — a role that can propose edits but not save them. Not planned — use the comments system instead.
- Custom roles with hand-picked permissions. Current: four fixed roles. Workarounds may be possible via contact with support.
- Read-only “Auditor” role with analytics access. Current: Analytics access is coupled to Admin.
