> ## Documentation Index
> Fetch the complete documentation index at: https://docs.useinvent.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Custom Roles

> Create roles with granular permissions tailored to your team

Built-in roles (Admin, Developer, Manager, Agent) cover most teams, but **custom roles** let you grant a precise set of permissions. Custom roles are available on the Business plan.

## Built-in vs custom roles

* **Built-in roles** are fixed and read-only: Admin, Developer, Manager, and Agent. Their permissions can't be changed.
* **Custom roles** are roles you create with your own name, color, description, and a tailored permission set.

A member has **either** one built-in role **or** one or more custom roles. Custom roles take precedence: when a member holds custom roles, those define their access.

## Permission levels

In the role editor, each resource (Members, Inbox, Contacts, Analytics, and so on) has three access levels:

* **None** — no access.
* **View** — read-only access.
* **Manage** — full access (view, create, edit, delete).

Some resources have sub-resources (for example, Contact properties under Contacts). Setting a parent to **Manage** cascades to its sub-resources, which you can still override individually.

A few permissions are **reserved** for built-in admins (billing, SSO, audit logs, sub-organizations) and can't be granted through a custom role.

## Creating a custom role

<Steps>
  <Step title="Open Roles">
    Go to **Settings → Members & Roles → Roles** and select **Create role**.
  </Step>

  <Step title="Name and color">
    Give the role a name, pick a color, and add an optional description.
  </Step>

  <Step title="Set permissions">
    For each resource, choose None, View, or Manage.
  </Step>

  <Step title="Save">
    Select **Save changes**. The role now appears under **Custom roles**.
  </Step>
</Steps>

## Assigning custom roles

You can assign custom roles to a member from the members list, or stage them on an invite.

<Warning>
  Assigning a custom role drops the member to the **Agent** base role. They keep only the custom role's access, and removing all of their custom roles later leaves them as an Agent, not their previous built-in role. This is a safety measure so elevated access never lingers.
</Warning>

You can only grant a custom role when every permission it includes is one you hold yourself (the subset rule), so you can never elevate a member beyond your own access.

## Inviting with custom roles

When you invite a member, you can pick a built-in role or one or more custom roles. If you choose custom roles, the invitee joins at the Agent base plus those roles when they accept. If a staged custom role is deleted before the invite is accepted, the invite is removed.

## The roles matrix

**Settings → Members & Roles → Roles Matrix** shows every role (built-in and custom) as a column and every resource as a row, so you can compare access at a glance.

## White-label visibility

In a white-labeled workspace, members with the Manager, Agent, or a custom role can't see Admin or Developer members. This keeps a clean, branded experience for client-side teams.