Skip to main content
Runa has two independent role systems:
  • Organization roles — Owner / Admin / Member — control who can manage your team and billing.
  • Folder roles — Owner / Editor / Viewer — control who can see and edit the content in a particular folder.
The two don’t overlap automatically. Being an Admin in your org doesn’t make you the Owner of every folder, and being an Editor of a folder doesn’t grant any org-level rights.

Organization roles

Every org member has exactly one of these three roles. All permission checks are enforced server-side, so the table below is the ground truth.
CapabilityOwnerAdminMember
View the member rosterYesYesYes
Invite new membersYesYesNo
Choose role on invite (Member or Admin)YesYes
Change an existing member’s roleYesYesNo
Promote / demote an OwnerYesNoNo
Remove a memberYesYesNo
Rename the organizationYesYesNo
Delete the organizationYesNoNo
Leave the organizationYes¹YesYes
View billing and usageYesYesNo
Manage subscription, upgrades, codesYesYesNo
Allow org-wide speaker profilesYesYesNo
Edit your own titleYesYesYes
Override another member’s titleYesYesNo
¹ The system always blocks the last remaining Owner from leaving or being removed. Promote another member to Owner first.

What “Owner” means

There can be one or more Owners on an org. Owners are the only role that can:
  • Promote or demote another Owner.
  • Delete the organization itself.
Otherwise, day-to-day, an Admin can do everything an Owner can.

Free vs. paid plans

A handful of admin actions return a 402 Payment Required error on the Free plan if attempted by a non-Owner/Admin. In practice this means: the Free plan still has Owners and Admins, but some workspace-management actions are gated behind upgrading.

Folder roles

Folders are how Runa decides who can see which meetings. Each folder has its own roster of roles, separate from the org roster.
CapabilityOwnerEditorViewer
Read meetings in the folderYesYesYes
Edit meeting notes / titlesYesYesNo
Add new meetings to the folderYesYesNo
Change folder visibilityYesNoNo
Share via link / contactYesNoNo
Delete the folderYesNoNo
Folder visibility options:
  • Private — only you (default for new folders).
  • Org — every member of your organization.
  • Shared link — anyone with the invite URL.
  • Shared contact — specific contacts you’ve shared with.
When you share a folder via link or contact, you choose whether new members join as Editor or Viewer. You can’t grant Owner through a share link; ownership is transferred only by an existing Owner.
The Personal folder is protected. It’s auto-created for every user, can’t be deleted, and is always private to you. Meetings outside any explicit folder land there by default.

How enforcement works

All role checks happen server-side at the gateway:
  • Reads are scoped by WHERE clauses that include only resources you can access.
  • Writes are checked via a user_can_access_folder(folder_id, mode) helper before any mutation.
  • The desktop app surfaces denied actions as toast notifications (typically “You don’t have permission to do that”).
This means changing the UI doesn’t grant access — even if a button is visible, the server will reject the action if your role doesn’t permit it.
  • 2 Owners minimum. Single-Owner orgs work, but if that person leaves the company you’ll need support help to recover. Two Owners give you safe redundancy.
  • Use Admins liberally. Admin is the right default for anyone helping run the workspace — they can do everything Owners can except touch Owner status or delete the org.
  • Use folder visibility for project boundaries. Create an Org-visibility folder per project so the right people see the right meetings without needing case-by-case sharing.
  • Keep sensitive 1:1s in Personal. Performance reviews, hiring conversations, and similar should stay in your Personal folder, not in any shared folder.