Roles & Permissions
Junto uses five roles to control what users can see and do within your organization. Each role inherits all permissions from the roles below it.
Role Overview
Role | Description |
Owner | Full system access including billing and subscription management |
Admin | Full operational access β integrations, settings, user management |
Manager | Operational metrics, analytics, and advisor insights |
Operator | Day-to-day operations, approve agent actions and recommendations |
Technician | Execute workflows, view tickets and runbooks, use the AI assistant |
What Each Role Can Do
Owner
Everything an Admin can do, plus:
Manage billing and subscription
Transfer organization ownership
Admin
Everything a Manager can do, plus:
Configure and manage all integrations
Invite users, update roles, and remove members
Manage organization settings and AI configuration
Configure signal processors
Create and manage tool approval policies
Manage notification channels and knowledge base settings
Configure the service catalog, intelligence alerts, and weekly summaries
Manage the runbook template library
Manager
Everything an Operator can do, plus:
View the Efficiency Dashboard and technician metrics
Access the Timeline view
View signal analytics and operational reports
View Advisor summary and recommendation metrics
View revenue opportunity summaries
Manage escalations
Operator
Everything a Technician can do, plus:
Approve or dismiss Advisor recommendations
Approve or dismiss agent Action Requests
Handle real-time agent tool approval requests
Technician
Base level of access for all organization members:
View and interact with tickets
View and execute runbooks
Use the AI assistant
View company details
View the main dashboard
Permission Flags
In addition to roles, two permission flags can be enabled for any user regardless of their role. Admins manage these per-user in Settings > User Management.
Billing Admin
Controls whether the AI agent has access to financial tools (agreements, invoices, financial reports) when acting on behalf of this user. A Technician with Billing Admin enabled can use financial tools through the agent, while an Admin without it cannot.
Default: Off.
Escalation Approver
Controls whether this user receives escalation notifications (via Slack or Teams DM) and can approve or reject escalation requests. At least one user in your organization should have this enabled.
Default: Off. Automatically enabled for the organization owner.
Page Access by Role
Page | Minimum Role |
Dashboard | Technician |
AI Assistant | Technician |
Companies | Technician |
Tickets | Technician |
Runbooks | Technician |
Advisor | Technician (approve/reject requires Operator) |
Timeline | Manager |
Efficiency | Manager |
Settings | Admin |
Billing | Owner |
Agent Tool Policies
Admins can configure approval policies for each agent tool via Settings > Tool Policies. Policies control whether the AI agent can use a tool automatically or must request approval first. See AI Settings for more on configuring agent behavior.