Intervy uses role-based access control. Every organization member holds exactly one role, which carries a set of permission strings in the format resource:action. The API and frontend check these strings before allowing any sensitive operation.
Predefined roles
Intervy ships three system roles that every organization inherits. System roles cannot be edited or deleted.
| Role | Permissions | Best for |
|---|---|---|
| Admin | All permissions (59) | Founders, HR leads, system owners |
| Staffing | 38 permissions — everything except org management, billing control, and question/template approval | Recruiters, hiring coordinators |
| Interviewer | 7 permissions — conduct interviews, view questions, templates, credits, roles, and levels | Engineers and domain experts who conduct interviews |
Permission domains
Permissions are grouped into 14 resource domains. The full set of strings:
| Domain | Permissions |
|---|---|
org | org:manage, org:view, org:delete |
members | members:invite, members:remove, members:view |
roles | roles:create, roles:update, roles:delete, roles:view |
questions | questions:publish, questions:update, questions:delete, questions:view, questions:approve |
templates | templates:publish, templates:update, templates:delete, templates:view, templates:approve |
job_positions | job_positions:create, job_positions:update, job_positions:delete, job_positions:view |
job_roles | job_roles:create, job_roles:update, job_roles:delete, job_roles:view |
candidates | candidates:create, candidates:update, candidates:delete, candidates:view |
interviews | interviews:assign, interviews:view_all, interviews:conduct |
competencies | competencies:create, competencies:update, competencies:delete, competencies:view |
levels | levels:create, levels:update, levels:delete, levels:view |
billing | billing:manage, billing:view |
credits | credits:view |
offers | offers:create, offers:update, offers:send, offers:approve |
Creating a custom role
Walkthrough
Create a custom role
- Open Settings → Roles and select New role.
- Enter a name and optional description.
- Check the permissions you want to grant from the list above.
- Select Create. The new role appears in the roles list with a member count of zero.
Assign a role to a member
- Open Settings → Members.
- Find the member and select their current role to open a dropdown.
- Choose the new role and confirm. The change takes effect immediately — no re-login required.
Permissions reference
| Action | Permission | Default roles |
|---|---|---|
| List roles | roles:view | AdminStaffing |
| Create role | roles:create | Admin |
| Update role / reassign member role | roles:update | Admin |
| Delete role | roles:delete | Admin |
| Remove member | members:remove | Admin |
| Create offers | offers:create | no default role |
| Update offers | offers:update | no default role |
| Send offers | offers:send | no default role |
| Approve offers | offers:approve | no default role |
Troubleshooting
"Cannot update default role" — System roles (Org Admin, Staffing, Interviewer) cannot be edited. Create a custom role with the desired permissions instead.
"Cannot remove org owner" — The organization owner cannot be removed from the members list.
"Role does not belong to this org" — The role ID supplied when reassigning a member does not exist in this organization.