Guides
Roles & Permissions
Roles & Permissions
Geocodio teams use role-based access control (RBAC). There are eight roles in total: four Full seat roles that have product access (and are billed per user), three Lite seat roles that are free (for users who do not need to use the product but only need to access the dashboard for billing or compliance reasons), and a Custom role on Enterprise Unlimited. Full details on each role are available below.
Every team member has exactly one role. The role controls what that person can see and do, like which API keys they can manage, whether they can purchase credits, whether they can change billing, and so on.
Roles Available On Each Plan
Not every role is available on every plan. In the role assignment menu, roles that aren’t available on your plan appear greyed out with a note about which plan unlocks them.
| Role | Individual | Self-Serve Flex | Self-Serve Unlimited | Enterprise Flex | Enterprise Unlimited | On-Premises |
|---|---|---|---|---|---|---|
| Owner | ||||||
| Admin | ||||||
| Developer | ||||||
| Member | ||||||
| Billing | ||||||
| Compliance | ||||||
| Read-Only | ||||||
| Custom |
Full seats vs. Lite seats
Users who have product access need a Full seat. Users who only need billing or compliance access get a Lite seat.
Full seat: Owner, Admin, Developer, Member. Includes access to the API, API keys, spreadsheets, and maps. Billed per user, per billing period.
Lite seat: Billing, Compliance, Read-Only. No product access, so these roles can’t use the API, upload spreadsheets, or create maps. Free.
If a teammate only needs to handle billing, pull usage reports, or download audit logs, they don’t need a Full seat.
| Role | Lite | Full | Description |
|---|---|---|---|
| Owner | All permissions. The only role that can transfer ownership or delete the team account. Each team has exactly one Owner. | ||
| Admin | Everything except ownership transfer and team deletion. Manages the team, assigns roles, enforces 2FA, and accesses all resources. Multiple Admins allowed. | ||
| Developer | Creates and manages all API keys, views and uploads spreadsheets, manages their own maps, views the credit balance, manages billing, and manages instances and instance pools for Unlimited accounts. | ||
| Member | Creates their own API keys, uploads and downloads their own spreadsheets, manages their own maps, views others’ maps (read-only), and views the credit balance. Can’t view all API keys or purchase credits. | ||
| Billing | Views and edits billing, views and downloads usage, manages agreements, views and purchases credits. Can’t access the API, spreadsheets, maps, or geocoded data. | ||
| Compliance | Views and manages agreements, views and downloads audit logs, views and downloads usage. Can view or sign documents such as SOC 2 report, external penetration test reports, BAA, or DPA review. Only applies to Enterprise Flex, Enterprise Unlimited, and On-Premises. | ||
| Read-Only | View-only access to instances, usage, billing, and agreements. Can’t edit anything. Available on Enterprise Flex and Enterprise Unlimited only. | ||
| Custom | Enterprise Unlimited and On-Premises customers can create roles with a specific set of permissions. |
Guides
for everything Geocodio
Guides
for everything Geocodio
Roles & Permissions
Geocodio teams use role-based access control (RBAC). There are eight roles in total: four Full seat roles that have product access (and are billed per user), three Lite seat roles that are free (for users who do not need to use the product but only need to access the dashboard for billing or compliance reasons), and a Custom role on Enterprise Unlimited. Full details on each role are available below.
Every team member has exactly one role. The role controls what that person can see and do, like which API keys they can manage, whether they can purchase credits, whether they can change billing, and so on.
Roles Available On Each Plan
Not every role is available on every plan. In the role assignment menu, roles that aren’t available on your plan appear greyed out with a note about which plan unlocks them.
| Role | Individual | Self-Serve Flex | Self-Serve Unlimited | Enterprise Flex | Enterprise Unlimited | On-Premises |
|---|---|---|---|---|---|---|
| Owner | ||||||
| Admin | ||||||
| Developer | ||||||
| Member | ||||||
| Billing | ||||||
| Compliance | ||||||
| Read-Only | ||||||
| Custom |
Full seats vs. Lite seats
Users who have product access need a Full seat. Users who only need billing or compliance access get a Lite seat.
Full seat: Owner, Admin, Developer, Member. Includes access to the API, API keys, spreadsheets, and maps. Billed per user, per billing period.
Lite seat: Billing, Compliance, Read-Only. No product access, so these roles can’t use the API, upload spreadsheets, or create maps. Free.
If a teammate only needs to handle billing, pull usage reports, or download audit logs, they don’t need a Full seat.
| Role | Lite | Full | Description |
|---|---|---|---|
| Owner | All permissions. The only role that can transfer ownership or delete the team account. Each team has exactly one Owner. | ||
| Admin | Everything except ownership transfer and team deletion. Manages the team, assigns roles, enforces 2FA, and accesses all resources. Multiple Admins allowed. | ||
| Developer | Creates and manages all API keys, views and uploads spreadsheets, manages their own maps, views the credit balance, manages billing, and manages instances and instance pools for Unlimited accounts. | ||
| Member | Creates their own API keys, uploads and downloads their own spreadsheets, manages their own maps, views others’ maps (read-only), and views the credit balance. Can’t view all API keys or purchase credits. | ||
| Billing | Views and edits billing, views and downloads usage, manages agreements, views and purchases credits. Can’t access the API, spreadsheets, maps, or geocoded data. | ||
| Compliance | Views and manages agreements, views and downloads audit logs, views and downloads usage. Can view or sign documents such as SOC 2 report, external penetration test reports, BAA, or DPA review. Only applies to Enterprise Flex, Enterprise Unlimited, and On-Premises. | ||
| Read-Only | View-only access to instances, usage, billing, and agreements. Can’t edit anything. Available on Enterprise Flex and Enterprise Unlimited only. | ||
| Custom | Enterprise Unlimited and On-Premises customers can create roles with a specific set of permissions. |