Appearance
Roles & Permissions
Junto uses five roles to control what users can see and do within your organization. Each role inherits all permissions from the roles below it.
Role Overview
| Role | Description |
|---|---|
| Owner | Full system access including billing and subscription management |
| Admin | Full operational access — integrations, settings, user management |
| Manager | Operational metrics, analytics, and advisor insights |
| Operator | Day-to-day operations, approve agent actions and recommendations |
| Technician | Execute workflows, view tickets and runbooks, use the AI assistant |
What Each Role Can Do
Owner
Everything an Admin can do, plus:
- Manage billing and subscription
- Transfer organization ownership
Admin
Everything a Manager can do, plus:
- Configure and manage all integrations
- Invite users, update roles, and remove members
- Manage organization settings and AI configuration
- Configure signal processors
- Create and manage tool approval policies
- Manage notification channels and knowledge base settings
- Configure the service catalog, intelligence alerts, and weekly summaries
- Manage the runbook template library
Manager
Everything an Operator can do, plus:
- View the Efficiency Dashboard and technician metrics
- Access the Timeline view
- View signal analytics and operational reports
- View Advisor summary and recommendation metrics
- View revenue opportunity summaries
- Manage escalations
Operator
Everything a Technician can do, plus:
- Approve or dismiss Advisor recommendations
- Approve or dismiss agent Action Requests
- Handle real-time agent tool approval requests
Technician
Base level of access for all organization members:
- View and interact with tickets
- View and execute runbooks
- Use the AI assistant
- View company details
- View the main dashboard
Permission Flags
In addition to roles, two permission flags can be enabled for any user regardless of their role. Admins manage these per-user in Settings > User Management.
Billing Admin
Controls whether the AI agent has access to financial tools (agreements, invoices, financial reports) when acting on behalf of this user. A Technician with Billing Admin enabled can use financial tools through the agent, while an Admin without it cannot.
Default: Off.
Escalation Approver
Controls whether this user receives escalation notifications (via Slack or Teams DM) and can approve or reject escalation requests. At least one user in your organization should have this enabled.
Default: Off. Automatically enabled for the organization owner.
Page Access by Role
| Page | Minimum Role |
|---|---|
| Dashboard | Technician |
| AI Assistant | Technician |
| Companies | Technician |
| Tickets | Technician |
| Runbooks | Technician |
| Advisor | Technician (approve/reject requires Operator) |
| Timeline | Manager |
| Efficiency | Manager |
| Settings | Admin |
| Billing | Owner |
Agent Tool Policies
Admins can configure approval policies for each agent tool via Settings > Tool Policies. Policies control whether the AI agent can use a tool automatically or must request approval first. See AI Settings for more on configuring agent behavior.