Roles and permissions explained
Roles and permissions explained
MediaMagic Verify controls access with two organisation roles and three workspace roles, so each person sees only what they need. Guests get temporary, link-only access without a role at all.
How roles work
Access is set in two layers:
Organisation role — everyone in your organisation is either an Org Admin or an Org Member. This is your account-level role.
Workspace role — within a given workspace, an org member is assigned one of Workspace Admin, Workspace Member, or Submitter. The same person can have a different workspace role in each workspace they belong to.
Admins assign these when they invite you, and can change them later. Access is enforced both in the interface (controls you cannot use are hidden) and on the server, so roles are applied consistently.
The roles
Org Admin — full platform access, including billing, integrations and member management across the organisation.
Org Member — a standard account holder. What they can do in any given workspace depends on their workspace role below.
Workspace Admin — full control of a workspace: settings, members, integrations, sidekick configuration, tags and folders (but not billing).
Workspace Member — can work with everything in the workspace — submissions, issues, sharing and review — but cannot configure sidekicks, manage integrations, manage members, or create/manage tags and folders.
Submitter — limited to submitting assets and seeing their own submissions in that workspace.
What each role can do
Capability | Org Admin | Workspace Admin | Workspace Member | Submitter |
|---|---|---|---|---|
View the dashboard | Yes | Yes | Yes | Own submissions only |
Create a submission | Yes | Yes | Yes | Yes |
View all workspace submissions | Yes | Yes | Yes | No (own only) |
Add a manual issue | Yes | Yes | Yes | No |
Change an issue's status | Yes | Yes | Yes | No |
Give issue feedback (thumbs up/down) | Yes | Yes | Yes | Yes |
Mark an asset complete or archive it | Yes | Yes | Yes | No |
View / download the Risk Report | Yes | Yes | Yes | No |
Export an audit report | Yes | Yes | Yes | No |
Share results via a magic link | Yes | Yes | Yes | No |
View tags and folders | Yes | Yes | Yes | No |
Create / manage tags and folders | Yes | Yes | No | No |
Configure sidekick rules | Yes | Yes | No | No |
View workspace members | Yes | Yes | Read-only | No |
Invite and manage members | Yes | Yes | No | No |
Edit workspace settings | Yes | Yes | No | No |
Manage integrations | Yes | Yes | No | No |
Manage billing | Yes | No | No | No |
Assign the Org Admin role | Yes | No | No | No |
A few things worth knowing
Org Admin is special. Only an Org Admin can manage billing and grant the Org Admin role to someone else.
Workspace Admins run the workspace. They can do everything within a workspace — including configuring sidekicks, managing integrations and members — but billing and org ownership stay with the Org Admin.
Workspace Members do the review work. They handle the full review and collaboration workflow — issues, status changes, sharing — but can't change how the workspace itself is configured (sidekicks, integrations, members, settings, or tags/folders).
Submitters see only their own work. Their dashboard and submission views are limited to what they have submitted. They can still give thumbs feedback on their own issues.
Guests (magic-link access)
A Guest is not a role. It is temporary access granted by a magic link so someone without an account can view a specific submission — for example a creative team or agency. The link is read-only, scoped to that one submission, time-limited, and can be revoked. See Reviewing, resolving and sharing issues for how to share via a magic link.
In short
Org Admins control the organisation and billing; Workspace Admins run a workspace; Workspace Members do the review work; Submitters add and track their own work. Guests get temporary, link-only access to a single submission. If you need more access, ask an Org Admin or Workspace Admin to update your role.