Kasimir Docs DEEN To the app →

Roles & permissions

Who can do what in Kasimir — the three company roles Owner, Administrator and Member, plus project roles and Kasimir staff.

Kasimir is multi-tenant: every company (your "tenant") is an isolated space with its own members, data and settings. Within a company, a member's role controls what they can see and change. There are exactly three company roles — Owner, Administrator and Member — plus the platform-wide special role of Kasimir staff. This chapter explains each role, what it concretely allows, and how roles are assigned.

The three company roles at a glance

Every member of a company has exactly one role. The roles are hierarchical: an Administrator can do everything a Member can, plus manage the company. The Owner can additionally perform the few especially sensitive actions.

Role

Label in the UI

Short description

owner

Inhaber (Owner)

Full access incl. legally binding actions (sign the DPA, remove members).

admin

Administrator

Manages the company, members, settings and budgets.

member

Mitglied (Member)

Everyday use: chat, documents, meetings, projects, assistants.

ℹ️

In the UI and in this guide we often group Owner and Administrator together as "admins", because both may open the management area under Administration. Only where it explicitly says "Owner only" is the action reserved for the Owner.

Mitglieder Verwalten Sie die Mitglieder Ihres Arbeitsbereichs Mitglied einladen AS Anna Schmidt Du anna.schmidt@firma.de INHABER Zuletzt aktiv: vor 5 Min. MK Markus Klein markus.klein@firma.de ADMINISTRATOR Zuletzt aktiv: vor 2 Std. JW Julia Wagner julia.wagner@firma.de MITGLIED Zuletzt aktiv: gestern TB Thomas Bauer thomas.bauer@firma.de MITGLIED Zuletzt aktiv: vor 3 Tagen Ausstehende Einladungen peter.fischer@firma.de Eingeladen am 18.06.2026 Offen Erneut senden
Member list under Administration → Members: role and last sign-in per person.

Member

Member is the default role for all employees. Members use the product day to day but have no access to the management area.

A Member can:

  • Chat with all enabled AI models and use web search, file uploads and tools (as far as the company has enabled them).

  • Upload documents and search them via RAG inside chats.

  • Record, transcribe and analyze meetings (private to the uploader unless assigned to a project).

  • Create projects and act as their owner (project roles are independent of the company role — see below).

  • Create assistants, workflows and texts, and edit the ones they created themselves.

  • Manage their own account settings (profile, avatar, custom instructions, theme).

A Member cannot: invite or remove others, change company or chat settings, enable models, set budgets, or open the management area. If a Member opens an Administration page directly, they are automatically redirected back to the chat.

Administrator

The Administrator has all the rights of a Member, plus full access to the Administration management area. Administrators run the company day to day.

An Administrator can:

  • Invite members (as Administrator or Member) and resend pending invites, copy their link, or revoke them.

  • Create, rename and delete teams and add/remove members to/from teams.

  • Maintain company details: name, size, industry, address, VAT ID, email domain and auto-join domains.

  • Set branding (logo, accent color).

  • Configure chat settings: default model, web-search default, allow file uploads, system-prompt addendum, usage guidelines.

  • Enable/disable AI models and allow non-EU models.

  • Manage budgets & limits: the monthly company budget and per-employee personal spend limits.

  • View usage & billing, analytics and API usage.

  • Manage API keys, webhooks, automations, datasets, mandatory trainings, the translator glossary and skills.

  • Pin assistants into the sidebar company-wide.

💡

Need a second person to help with ongoing administration? Invite them as an Administrator rather than sharing Owner rights. Administrators cover practically all management tasks — without the Owner's legally binding special rights.

Owner

The Owner has all the rights of an Administrator, plus the few especially sensitive actions that are final or legally binding.

Only the Owner can:

  • Sign the Data Processing Agreement (DPA / AVV) — the legally binding GDPR agreement under Administration → DPA.

  • Remove members from the company.

Every company must keep at least one Owner. The Owner cannot remove themselves.

⚠️

Removing a member and signing the DPA are irreversible and/or legally binding. These rights are deliberately restricted to the Owner.

How roles are assigned and changed

The role is set at invite time. When inviting, only Administrator and Member are selectable — the Owner role cannot be granted via an invite.

ℹ️

Changing a role afterwards (e.g. promoting a Member to Administrator, or transferring ownership) is currently not available in the company UI. Such role changes — including appointing a new Owner — are performed for you by Kasimir support. Contact the Kasimir team for this. When transferring ownership, at least one Owner must always remain.

You can see each member's current role under Administration → Members, shown next to their name.

Project roles (separate from company roles)

Projects are shared workspaces below the company and have their own roles, independent of the company role. Whoever creates a project becomes its owner — regardless of whether they are a Member or Administrator at the company level.

Project role

May

owner

Manage the project, add/remove members, delete the project. Cannot be removed; not transferable in v1.

manager

Change project settings and manage members.

member

Work in the project: see and use shared chats, documents and meetings.

By default chats are private, documents are company-wide, and meetings are private to the uploader. Assigning any of these to a project makes them visible to all project members.

Kasimir staff (platform level)

Above the company roles sits a platform-wide special role: Kasimir staff (technically the profile flag is_kasimir_staff). These are not members of your company but the operator team.

Kasimir staff:

  • See an additional Verwaltung (Management) entry in the sidebar and open the platform-wide admin area under /admin (overview, company list, cross-tenant tickets, announcements, changelog, media).

  • Can handle support tickets across tenants and change roles in any company — including appointing Owners.

  • Can sign in as a specific user for support purposes ("Anmelden als" / impersonation).

ℹ️

This role is reserved for the Kasimir operations team and is set directly in the database — it cannot be granted through the normal member management.

Quick reference: who can do what?

Action

Member

Administrator

Owner

Use chat, documents, meetings, projects

Create own assistants/workflows/texts

Open the Administration management area

Invite members / manage invites

Manage teams

Company, chat & branding settings

Enable AI models, set budgets & limits

API keys, webhooks, datasets, trainings

Remove members

Sign the DPA (GDPR agreement)