Permissions

Permissions in Level are attached to nodes in the organization tree (Organization → Team → Sub-team). What a user can actually do at any given node is the combination of:

Roles they hold there (or at a parent node, if the role propagates).
Permission overrides specifically granted or denied for them.

The Effective permissions summary on a member's access dialog shows the final answer for that person.

Role Permissions panel showing the Owner role with permissions grouped by category — Administration, Reporting, Configuration and Operations, Clients — The Roles & Permissions panel — every permission lives in one of four categories; roles toggle them on or off.

The catalogue

Level ships with a fixed list of permissions, grouped by category:

Administration — managing teams and roles.
Reporting — viewing, exporting, and managing reports.
Configuration & Operations — placements, segments, budgets, settings.
Clients — viewing and editing clients.

These categories are how the Roles → Permissions editor groups the toggles. You can't add new permissions; admins build new roles that combine existing ones.

Roles vs overrides

Two layers, applied in order:

Roles are reusable bundles. A user holds zero or more roles at each node, and each role grants a set of permissions.
Overrides are user-specific tweaks: explicitly grant or deny one permission for one user at one node, on top of what their roles say.

The recommended pattern: express access through roles. Use overrides only for edge cases where a single person needs a one-off adjustment that doesn't justify a custom role.

Propagation

Each role has a propagate to child teams toggle:

On — the role applies at this node and every team / sub-team below it.
Off — the role applies only at the node it's assigned to.

Turn it on for "global" roles like an org-wide admin. Turn it off for team-specific roles that shouldn't bleed into sibling parts of the tree.

The Owner role always propagates — Owners have every permission everywhere, regardless of any toggle.

How Level decides "can I do this?"

When you try to take an action, Level resolves your effective permissions like this:

Gather every role you hold at this node, plus every propagating role you hold at parent nodes.
Union all the permissions those roles grant.
Apply your overrides:
- Deny removes a permission.
- Grant adds a permission.
- When the same permission is overridden at multiple nodes (e.g. team and organization), the closer node wins.
If you're an Owner anywhere in your tree, you get every permission unconditionally.

The result is the set of things you can do at that scope.

In this section

Roles — creating and editing roles, the Owner role, propagation.
Domains — every permission in the catalogue, by category.
Overrides — when (and when not) to use them.