User Permissions
Grail uses role-based access control (RBAC) to manage what users can do within your organization. Every user is assigned a role that determines their permissions.
Roles
There are three roles, from most restricted to most powerful:
- Viewer — The default role. Browse and search the media library.
- Editor — Everything a Viewer can do, plus manage tags, storage sources, and jobs.
- Admin — Full control, including user management.
Permissions by Role
| Action | Viewer | Editor | Admin |
|---|---|---|---|
| Browse and search assets | ✓ | ✓ | ✓ |
| Stream and preview media | ✓ | ✓ | ✓ |
| View transcripts | ✓ | ✓ | ✓ |
| Add comments and reactions | ✓ | ✓ | ✓ |
| Update own profile | ✓ | ✓ | ✓ |
| Change own password | ✓ | ✓ | ✓ |
| Create and edit tags | ✓ | ✓ | |
| Add and remove tags on assets | ✓ | ✓ | |
| Manage storage sources | ✓ | ✓ | |
| Trigger indexing, transcription, and proxy jobs | ✓ | ✓ | |
| Create new users | ✓ | ||
| Change user roles and status | ✓ | ||
| Delete users | ✓ |
Managing Users
Admins can manage users from the Users page in the navigation bar.
From this page you can:
- Create users — set their name, email, password, and role
- View user status — see who is active, pending, or suspended
- Track last login — monitor user activity