Roles and permissions

Learn about roles and permissions in Knock.

Learn more about the roles available to members of your Knock account.


Knock uses an account-level roles model, where a given account member's role determines what they'll be able to do in your account. You set an account member's role when you invite them to the Knock dashboard. You can update their role in the members tab of account settings. Learn more in our managing members documentation.

Here's an overview of the five roles available to Knock account members:

  • Owner. For your primary admin who manages billing. This role can invite and manage members, manage billing, and do anything available in the admin role. Your account must always have at least one account owner.
  • Admin. For admins who need to manage account-level settings. This role can invite and manage members (excluding owner and billing roles), manage account branding, manage environments, and manage advanced developer concepts such as signing keys, enhanced security mode, variables, and webhooks. This role has all permissions available to the member role.
  • Member. For users who are editing notification workflows and templates in Knock. This role can manage workflows, layouts, users, objects, and tenants. It can make commits and push changes to subsequent environments, and has full access to message and API logs for debugging.
  • Support. For users who shouldn't have access to workflows and templates, but should be able to dig into message and API logs for debugging purposes.
  • Billing. For account members who shouldn't have access to anything in Knock but billing.

For a complete overview of which permissions are available to which roles, see our lookup table below.

Roles and permissions lookup table

Knock roles and permissions grid