Roles and Permissions in Rudder Lookout
Private Beta
Understand what owners, admins, members, and guests can do in a Lookout workspace.
Access within a Lookout workspace follows clear roles. Every member can chat, build dashboards, and read and write knowledge, while configuration and connected accounts are reserved for admins and the owner. Unregistered users can be given read-only guest access.
Workspace roles
Membership comes with one of three primary roles:
These roles and boundaries are enforced by Lookout, not just hidden in the interface.
| Role | What they can do | Notes |
|---|
| Member | Use the chat agent, build and view dashboards, read and write Context Hub docs and notes, and work with Measurement Plans | The everyday working role — they get the full conversational product but can’t change team configuration or connected accounts |
| Admin | Everything a member can do, plus edit settings, connect warehouses and data sources, manage the RudderStack and Slack connections, create invites, and add, remove, promote, or demote members | Admins are peers — any admin can change another admin’s role. The owner is the only exception — they can’t be demoted or removed |
| Owner | Everything an admin can do, plus rename and delete the workspace | Every workspace has exactly one owner — the person who created it |
Guest access (read-only)
Beyond the three member roles, Lookout also supports guest access for people who are not registered workspace members. Guests can read and ask, but never edit or change — they can’t edit dashboards, write to connected systems, or act on the team’s behalf.
Guest access is available in two contexts:
1. Slack
A Slack user who hasn’t yet linked a Lookout account can ask read-only questions in bound channels and DMs. Guest access is enabled by default. However, an admin can disable it via the Allow guest access in Slack toggle under Settings > Slack.
Once a user links their account (with /lookout connect), they act as their full workspace identity. See the Slack integration guide for more information.
2. Public links
Anyone with an access to a public dashboard link can view it read-only, without sign-in. Public sharing is controlled by an admin.
Membership and trust
A member and an admin share the same connected systems for the team. For example, the team’s RudderStack connection is configured once for the whole workspace, so anyone who can drive the chat agent works through the same connection.
Treat workspace membership itself as the meaningful access decision — roles separate configuration duties from everyday use. See Security and Data Handling for more information.
Add and manage members
Owners and admins can manage members from Settings > Members, and add new people with invite links.
Questions? We're here to help.
Join the RudderStack Slack community or email us for support
