User Roles and Permissions

Understanding roles and permissions in Alingo helps you configure appropriate access for your team members and maintain security while enabling collaboration.

Overview

Alingo uses a dual-role system:

Organization Roles - Control administrative access
Functional Roles - Determine feature access

Every user has BOTH an organisation role AND a functional role.

Example: Jane might be an "Admin" (organisation role) with "Legal" (functional role), giving her both administrative privileges and full legal feature access.

Organisation Roles

These roles control administrative capabilities within your organisation.

Owner

Who should have this: The primary account holder, typically the General Counsel or Legal Operations lead.

Capabilities:

✅ Full administrative access
✅ Manage all users (invite, edit, deactivate, delete)
✅ Delete organisation
✅ Manage billing and subscription
✅ Configure all integrations
✅ Access audit logs
✅ Modify organisation settings
✅ All permissions of Admin + Member roles

Restrictions:

❌ Cannot be removed by other admins
❌ Organisation must always have at least one owner

Best Practices:

Limit to 1-2 people maximum
Use for C-suite legal leadership only
Consider succession planning

Admin

Who should have this: Senior legal team members who manage the platform.

Capabilities:

✅ Invite and manage users (except remove Owner)
✅ Configure integrations
✅ Access audit logs
✅ Modify organisation settings
✅ View billing information
✅ All permissions of Member role

Restrictions:

❌ Cannot delete organisation
❌ Cannot remove Owner
❌ Cannot modify billing/payment methods

Best Practices:

Assign to legal operations staff
Typically 2-5 people per organisation
Balance security with operational needs

Member

Who should have this: All other users in your organisation.

Capabilities:

✅ Use all assigned features (based on functional role)
✅ View their own profile
✅ Change their own notification preferences
✅ Access shared resources (playbooks, documents)

Restrictions:

❌ Cannot invite users
❌ Cannot modify organisation settings
❌ Cannot access admin features
❌ Cannot view audit logs

Best Practices:

Default role for most users
Review and confirm periodically
Upgrade to Admin only when necessary

Functional Roles

These roles determine which features and capabilities users can access.

Admin (Functional)

Who should have this: Platform administrators and power users who need access to everything.

Feature Access:

✅ AI Assistant (all modes)
✅ Document Vault (upload, manage, delete)
✅ Playbooks (create, edit, share, delete)
✅ Marketplace (browse, add templates)
✅ Guardrails (create, edit, delete)
✅ Legal Tickets (view all, create, assign)
✅ Chrome Extension (all features)
✅ All integrations
✅ Advanced settings

Use Cases:

Legal operations managers
Platform administrators
Power users who configure the system

Legal (Functional)

Who should have this: Legal professionals who create and manage legal content.

Feature Access:

✅ AI Assistant (all modes)
✅ Document Vault (upload, manage, organize)
✅ Playbooks (create, edit, share)
✅ Marketplace (browse, add, fork templates)
✅ Guardrails (create, edit - to set business boundaries)
✅ Legal Tickets (view all, respond, resolve)
✅ Chrome Extension (all features)
✅ Document analysis and clause extraction
✅ Integrations (view status, use features)

Restrictions:

❌ Cannot delete critical resources without permission
❌ Limited admin configuration access

Use Cases:

Lawyers and legal counsel
Paralegals
Legal researchers
Contract managers

Business (Functional)

Who should have this: Business users who need self-service legal capabilities within guardrails.

Feature Access:

✅ AI Assistant (standard and web search modes)
✅ Document Vault (upload, view own documents)
✅ Playbooks (view and use approved templates)
✅ Marketplace (browse templates)
✅ Legal Tickets (create, view own tickets)
✅ Chrome Extension (basic features on approved documents)

Restrictions:

❌ Cannot create/edit playbooks
❌ Cannot create/edit guardrails
❌ Cannot use document search mode without approved documents
❌ Cannot access other users' documents
❌ Cannot configure integrations
❌ Limited to guardrail-approved actions

Use Cases:

Sales teams
Procurement specialists
HR professionals
Business development
Any non-legal staff needing legal resources

Permission Matrix

Detailed breakdown of permissions by role combination:

Administrative Permissions

|------------|-------|-------|--------|

| Delete organisation | ✅ | ❌ | ❌ |

| Manage billing | ✅ | View only | ❌ |

| Invite users | ✅ | ✅ | ❌ |

| Edit user roles | ✅ | ✅ (except Owner) | ❌ |

| Deactivate users | ✅ | ✅ | ❌ |

| Delete users | ✅ | ❌ | ❌ |

| Configure integrations | ✅ | ✅ | ❌ |

| Access audit logs | ✅ | ✅ | ❌ |

| Modify organisation settings | ✅ | ✅ | ❌ |

Feature Permissions (by Functional Role)

|---------|-------|-------|----------|

| AI Assistant - Standard Chat | ✅ | ✅ | ✅ |

| AI Assistant - Document Search (RAG) | ✅ | ✅ | Limited* |

| AI Assistant - Web Search | ✅ | ✅ | ✅ |

| AI Assistant - Document Drafting | ✅ | ✅ | Templates only |

| Upload Documents | ✅ | ✅ | ✅ |

| View All Documents | ✅ | ✅ | Own only |

| Delete Documents | ✅ | ✅ | Own only |

| Create Playbooks | ✅ | ✅ | ❌ |

| Edit Playbooks | ✅ | ✅ | ❌ |

| View Playbooks | ✅ | ✅ | ✅ |

| Use Playbook Templates | ✅ | ✅ | ✅ |

| Fork Marketplace Templates | ✅ | ✅ | ❌ |

| Create Guardrails | ✅ | ✅ | ❌ |

| View Guardrails | ✅ | ✅ | ✅ |

| Create Legal Tickets | ✅ | ✅ | ✅ |

| Assign Tickets | ✅ | ✅ | ❌ |

| Resolve Tickets | ✅ | ✅ | ❌ |

| Chrome Extension - Full Features | ✅ | ✅ | Limited** |

| Analyse Documents for Clauses | ✅ | ✅ | ❌ |

| Configure Integration Settings | ✅ | View only | ❌ |

Business users can search documents within guardrail-approved scope

** Business users limited to approved document actions

Role Assignment Examples

Scenario 1: Small Legal Team (5 people)

General Counsel

Organization Role: Owner
Functional Role: Legal
Rationale: Needs full control and legal capabilities

Legal Operations Manager

Organization Role: Admin
Functional Role: Admin
Rationale: Manages the platform and users

2 Associate Counsels

Organization Role: Member
Functional Role: Legal
Rationale: Create content, don't need admin access

Paralegal

Organization Role: Member
Functional Role: Legal
Rationale: Support legal team, use all features

Scenario 2: Legal + Business Users (20 people)

Chief Legal Officer

Organization Role: Owner
Functional Role: Legal

2 Legal Operations Specialists

Organization Role: Admin
Functional Role: Admin

3 Lawyers

Organization Role: Member
Functional Role: Legal

2 Paralegals

Organization Role: Member
Functional Role: Legal

12 Business Users (Sales, Procurement, HR)

Organization Role: Member
Functional Role: Business

Changing User Roles

Who Can Change Roles

Owners can change any role (except their own)
Admins can change Member and Admin roles (not Owner)
Members cannot change any roles

How to Change a User's Role

Navigate to Settings > Users tab
Find the user in the list
Click the menu icon (⋮) next to their name
Select "Edit Roles"
Choose new Organization Role and/or Functional Role
Click "Save Changes"

[SCREENSHOT: Edit user roles dialog]

The change takes effect immediately - the user may need to refresh their browser.

When to Change Roles

Promote to Admin when:

User needs to manage other users
User handles integration configuration
User requires audit log access
User manages organization settings

Change Functional Role when:

Job responsibilities change
User needs different feature access
User moves from Business to Legal team (or vice versa)

Demote when:

User no longer needs administrative access
User changes departments
Security review recommends reduction

Best Practices

Principle of Least Privilege

Give users only the access they need:

Start with Member + Business for new users
Upgrade to Legal when they need to create content
Reserve Admin for true administrators (2-5 people max)
Limit Owner to 1-2 people

Regular Access Reviews

Quarterly review process:

Export user list from Settings > Users
Review each user's roles
Verify roles match current job functions
Remove access for departed employees
Downgrade users who no longer need elevated access

Onboarding Process

New user checklist:

Determine appropriate functional role (Business vs Legal)
Assign Member organisation role by default
Send invitation with role clearly stated
Provide role-specific training
Review access after 30 days

Offboarding Process

When a user leaves:

Deactivate account immediately (Settings > Users > Deactivate)
Review and reassign their open tickets
Transfer ownership of critical playbooks
Document their contributions in audit log
After 90 days, consider deletion (Owner only)

Security Considerations

Role Separation

Never combine:

Owner + Business role (inappropriate access level)
Member org role + need to manage users (promote to Admin)

Always separate:

Administrative access from day-to-day business access
Legal content creation from administrative functions

Audit Trail

All role changes are logged:

Who made the change
When it was made
What changed (from X role to Y role)
IP address and user agent

View audit logs: Settings > Audit tab

Troubleshooting

User can't access a feature

Check:

Their functional role (Admin, Legal, or Business)
The feature requirements (see permission matrix)
Whether they need role upgrade
Organisation-wide feature flags

User can't be promoted to Owner

Reason: Organisation can have multiple Owners

Solution: Current Owner can promote them via Settings > Users > Edit Roles

Changes not taking effect

Try:

User should refresh browser (F5 or Cmd+R)
Clear browser cache
Sign out and sign back in
If persists, contact support

Can't find user management

Check:

You need Owner or Admin organization role
Navigate to Settings (top-right menu) > Users tab
If still not visible, you're likely a Member (contact your admin)

Related Articles: