Roles and permissions
OttoTester has two tiers of access. They answer different questions:
- Org-tier roles — who governs the organization: billing, membership, workspace creation.
- Workspace-tier roles — who can do the testing work inside a given workspace.
The two are independent. You can be an org member but a workspace admin, or an org owner who is only a reviewer on a sensitive workspace.
Org-tier roles
Section titled “Org-tier roles”Set per organization. Four roles:
| Capability | Owner | Admin | Billing | Member |
|---|---|---|---|---|
| View the org, list members | ✓ | ✓ | ✓ | ✓ |
| Manage members and teams | ✓ | ✓ | — | — |
| Manage org settings | ✓ | ✓ | — | — |
| Create workspaces | ✓ | ✓ | — | ✓ |
| View billing | ✓ | ✓ | ✓ | — |
| Change billing (payment, plan) | ✓ | — | ✓ | — |
| Delete the org, transfer ownership | ✓ | — | — | — |
Member is the floor — someone who’s in the org and can create workspaces, but has no governance power and no automatic access to any workspace.
Workspace-tier roles
Section titled “Workspace-tier roles”Set per workspace. Three roles:
| Capability | Admin | Tester | Reviewer |
|---|---|---|---|
| View applications, variants, tests, runs, reports | ✓ | ✓ | ✓ |
| Create and run tests; edit apps, variants, test data, hints | ✓ | ✓ | — |
| Read and write credentials | ✓ | ✓ | — |
| Manage workspace settings and membership | ✓ | — | — |
| Delete the workspace | ✓ | — | — |
Reviewer is read-only — right for stakeholders who just watch results. Tester is the working role. Admin runs the workspace.
One exception worth knowing: an org owner has implicit admin on every workspace in the org — a deliberate break-glass path. No other org role gets implicit workspace access; an org admin must be granted into a workspace explicitly.
Account-level
Section titled “Account-level”Some things aren’t tied to either tier. Every user, whatever their roles, can manage their own profile, password and sessions, notification preferences, and API tokens.
”Why can’t I do X?”
Section titled “”Why can’t I do X?””If a button or page isn’t there, it’s almost always a role gap. Work out which tier the action belongs to:
- Can’t change billing, invite org members, delete the org → an org-tier limit.
- Can’t create a test, edit a variant, change workspace settings → a workspace-tier limit.
OttoTester shows you only what your roles allow, so a missing control means “your role doesn’t include this,” not “this is broken.” Ask an org or workspace admin to adjust your role.
Related
Section titled “Related”- Workflow → Set up a workspace
- Concept → Organizations
- Reference → Settings, API tokens