# How to control which users can perform certain actions

Tability gives workspace owners and admins control over who can see, edit, and manage goals across the organization. These controls aim to set clear boundaries between Admins and account Owners (who can manage global settings and subscription levels) and users, who are primarily focused on updating their goals and viewing team progress. And while a transparent and accessible OKR process is best, your OKRs can match the privacy and control that are natural at your organization.&#x20;

## Roles in Tability

Your organization can set users with the following roles in Tability:&#x20;

* **Owner** - Has access to everything in Tability. Owners can view all plans, regardless of privacy settings at the plan level, as well as access the billing settings to change or cancel subscriptions. Any setting that restricts access to Admins only will also apply to Owners. This should be limited to only those who need absolute access– OKR program managers, executives, etc.&#x20;
* **Admin** - Can access workspace settings. Many features can be restricted to Admins only (Invitiations, plan creation, and more- see below). Admins should be limited to those who will be significantly involved in running your OKR process– not just team managers.&#x20;
* **IT Admin** - Will only have access to select admin settings and **won’t** have access to goals or the rest of the workspace. IT Admins will be able to set up SSO and manage security settings. This should be your IT team.&#x20;
* **User** - Anyone who will be updating a goal or creating dashboards. Users do not have access to any global settings and can have features restricted from them. This will be the bulk of your users.&#x20;
* **Read-only** - Read-only users can view plans and dashboards and leave comments on check-ins, but cannot update a goal or write OKRs or create dashboards. This works for anyone who wants to see the progress of your OKRs, but is not actively participating in the process.&#x20;

You can change a user's role from the admin settings under **Users**. Click on a user, then select their role from the drop down.&#x20;

{% hint style="info" %}
Plan admin is a separate role covered [below.](https://app.gitbook.com/o/68TfkDtiSemdEHxHIC0M/s/MULqjSmZyGczPy2I6FGH/~/edit/~/changes/195/become-a-tability-power-user/how-tos/page-1#plan-creation-deletion)&#x20;
{% endhint %}

## Available global restrictions

The following features are able to be limited to Admins:&#x20;

### Invites

By default, all users in Tability can invite other users to the platform. If you’d like to limit the option to invite others to only your admins, you can do so in the admin settings under **Access & Security** under **Restrict invites to admins only**.&#x20;

<figure><img src="/files/RMj4OgAtyeDAIk80HrjG" alt=""><figcaption></figcaption></figure>

### Plan creation/deletion

By default, all users in Tability can create plans (where your team will write their OKRs). If you’d like to restrict the ability to create (or delete) plans to only a select group of people, you can from the admin settings under **Access & Security** under **Plan permissions.**&#x20;

<figure><img src="/files/sqg3Og9RKnbC0JqqL40s" alt=""><figcaption></figcaption></figure>

Note: Setting Plan permissions to True will restrict the ability to create plans to Admins/Owners and **Plan admins**. A Plan admin is a permission level that’s able to be granted to individual users. To enable a user as a plan admin, you can go to the admin settings under **People**, select the user you’d like to enable, and change their Plan admin status to **Yes**.&#x20;

<figure><img src="/files/gOKndFj4XHEclyqlMSEO" alt="" width="375"><figcaption></figcaption></figure>

## Plan-level restrictions

Outside of global restrictions, each plan can have its own level of control. The plan creator can choose who can view or edit a plan. Restricting editors to a plan prevents other users from making changes to the content of a plan– which goals are included, what each outcome’s target is, and restricts who can enable data sources on outcomes.&#x20;

Plan editors can also adjust plan specific settings as well, such as:&#x20;

* Plan title
* Timeline
* Check-in frequency
* How many times in a row an outcome can be marked as “At risk”/Yellow
* The custom check-in prompt for outcomes within that plan

Restrict who can edit a plan by clicking on the lock icon at the top of the plan and choosing if the rest of the organization can view or edit the plan.&#x20;

<figure><img src="/files/5XQh3mvEU8B4bttdHktO" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://guides.tability.io/docs/become-a-tability-power-user/how-tos/how-to-control-which-users-can-perform-certain-actions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.