Skip to main content
When many people collaborate in Caplena, it’s important that everyone has exactly the access they need. Caplena makes this easy through roles and object-level permissions. Below is the simplest possible explanation of how everything works.

The Two Things That Control Access:

1) Roles → Your default access everywhere

A role defines what someone can do across the whole Caplena workspace. Think of a role as your “driving license type”, it gives broad permissions. 
Screenshot 2026 05 30 At 09 17 13
What roles decide:
  • Can the user upload projects?
  • Edit topics and answers?
  • Create reports?
  • Spend credits on AI operations?
  • Manage the team or subscription?
Examples:
  • Someone with Admin can access everything.
  • Someone with Reporting Only can access only reports that are explicitly shared.
Roles = your baseline abilities across the whole organization.
You can find more information on roles here.

2) Object-Level Permissions → Extra access to a specific project or report

These permissions are added individually to:
  • one project
  • one report
Screenshot 2026 05 30 At 09 18 09
Example: A freelancer has a very restricted role (External Coder), but you give them access to 1 specific project. They will see only that project, nothing else. Object permissions can only ADD access they never remove what a role already provides.
You can find more information on project permissions here.

How the Two Types Work Together

Caplena evaluates access in this order:
  1. Role → global abilities
  2. Object-Level Permissions → extra access
  3. Permissions cannot restrict the role
  4. Access to a project automatically includes access to the reports inside it
This combined model gives you:
  • simplicity for admins
  • flexibility for collaboration
  • safety when sharing reports externally
Last modified on May 30, 2026