> ## Documentation Index
> Fetch the complete documentation index at: https://docs.caplena.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Introduction: Permission Types

> Learn how Caplena’s role-based and project-specific permissions work.

When many people collaborate in Caplena, it’s important that everyone has exactly the access they need. Caplena makes this easy through **roles** and **object-level permissions**. Below is the simplest possible explanation of how everything works.

## The Two Things That Control Access:

### 1) **Roles** → Your default access everywhere

A role defines what someone can do across the whole Caplena workspace.

Think of a *role* as your “driving license type”, it gives broad permissions. 

<Frame>
  <img src="https://mintcdn.com/caplena-32172960/zfVPRuk4lAKWTRBI/images/Screenshot-2026-05-30-at-09.17.13.png?fit=max&auto=format&n=zfVPRuk4lAKWTRBI&q=85&s=fffe040e62f27d81afa92180a7e9cefc" alt="Screenshot 2026 05 30 At 09 17 13" width="3196" height="914" data-path="images/Screenshot-2026-05-30-at-09.17.13.png" />
</Frame>

**What roles decide:**

* Can the user upload projects?
* Edit topics and answers?
* Create reports?
* Spend credits on AI operations?
* Manage the team or subscription?

**Examples:**

* Someone with **Admin** can access everything.
* Someone with **Reporting Only** can access *only* reports that are explicitly shared.

Roles = your baseline abilities across the whole organization.

<Note>
  You can find more information on roles [here](/settings-administration/permissions-deep-dive/understanding-role-based-permissions).
</Note>

### 2) **Object-Level Permissions** → Extra access to a specific project or report

These permissions are added individually to:

* one project
* one report

<Frame>
  <img src="https://mintcdn.com/caplena-32172960/zfVPRuk4lAKWTRBI/images/Screenshot-2026-05-30-at-09.18.09.png?fit=max&auto=format&n=zfVPRuk4lAKWTRBI&q=85&s=8bf4aea9fa3e8ba1deb0c9449bc6a581" alt="Screenshot 2026 05 30 At 09 18 09" width="3226" height="874" data-path="images/Screenshot-2026-05-30-at-09.18.09.png" />
</Frame>

**Example:**

A freelancer has a very restricted role (External Coder), but you give them access to **1 specific project**. They will see **only that project**, nothing else.

Object permissions can only ADD access they never remove what a role already provides.

<Note>
  You can find more information on project permissions [here.](/settings-administration/permissions-deep-dive/object-level-permissions)
</Note>

## **How the Two Types Work Together**

Caplena evaluates access in this order:

1. **Role** → global abilities
2. **Object-Level Permissions** → extra access
3. Permissions cannot restrict the role
4. Access to a project automatically includes access to the reports inside it

This combined model gives you:

* simplicity for admins
* flexibility for collaboration
* safety when sharing reports externally