Roles & Permissions
Understand how app-scoped roles and account-wide ownership work in Stash Studio, including what each role can access.
Stash Studio uses role-based access control (RBAC) to help teams collaborate safely.
Most roles are assigned per app, which means a user can have different permissions on different apps.
Roles in Stash Studio
Stash Studio currently supports four app-scoped roles:
- Admin
- Developer
- Finance / Analytics
- Product / Live Ops
Each role controls what a user can view or manage for a specific app.
Owner role (account-wide)
The Owner role is separate from app-scoped roles.
- The first user on a Studio account is automatically assigned as Owner.
- Stash can also assign the Owner role to a user by email.
- Owner has access to everything across all apps.
Per-app role assignments
Roles are assigned per app, not globally.
That means the same user can have different responsibilities in different apps. For example:
- Admin on App A
- Finance / Analytics on App B
When users switch between apps, their available pages and actions update based on their role for the selected app.
Capability matrix
The matrix below summarizes access by role:
| Capability | Admin | Developer | Finance / Analytics | Product / Live Ops | Owner |
|---|---|---|---|---|---|
| Technical settings | Yes | Yes | No | No | Yes |
| Payouts | Yes | No | Yes | No | Yes |
| Analytics | Yes | No | Yes | Yes | Yes |
| Product / catalog | Yes | No | No | Yes | Yes |
| Logs | Yes | Yes | No | No | Yes |
| User management | Yes | No | No | No | Yes |
Restricted route behavior
If a user tries to access a route they do not have permission to view for the selected app, Studio blocks access and shows a restricted message:
"No access for this app — contact an Admin."
If this happens:
- Switch to the correct app (where you may have a different role), or
- Contact an Admin to request access for this app.
How is this guide?