User Permissions
Grail uses role-based access control (RBAC) to manage what users can do within your organization. Every user is assigned a role that determines their permissions.
There are three roles, from most restricted to most powerful:
- Viewer — The default role. Browse and search the media library.
- Editor — Everything a Viewer can do, plus manage tags, storage sources, and jobs.
- Admin — Full control, including user management.
Permissions by Role
Section titled “Permissions by Role”| Action | Viewer | Editor | Admin |
|---|---|---|---|
| Browse and search assets | ✓ | ✓ | ✓ |
| Stream and preview media | ✓ | ✓ | ✓ |
| View transcripts | ✓ | ✓ | ✓ |
| Add comments and reactions | ✓ | ✓ | ✓ |
| Update own profile | ✓ | ✓ | ✓ |
| Change own password | ✓ | ✓ | ✓ |
| Create and edit tags | ✓ | ✓ | |
| Add and remove tags on assets | ✓ | ✓ | |
| Manage storage sources | ✓ | ✓ | |
| Trigger indexing, transcription, and proxy jobs | ✓ | ✓ | |
| Create new users | ✓ | ||
| Change user roles and status | ✓ | ||
| Delete users | ✓ |
Signup
Section titled “Signup”When a new organization is created through the signup page, the first account becomes the organization’s Admin. That admin can invite teammates, manage roles, and send password resets from the Users page.
Managing Users
Section titled “Managing Users”Admins can manage users from the Users page in the navigation bar.
From this page you can:
- Create users — set their name, email, password, and role
- Edit users — change roles or update user details
- Delete users — remove a user with a confirmation dialog
- View user status — see who is active, pending, or suspended
- Track last login — monitor user activity
- Send password resets — help users regain access without changing their password directly