When many people collaborate in Caplena, it’s important that everyone has exactly the access they need. Caplena makes this easy through roles and object-level permissions. Below is the simplest possible explanation of how everything works.
The Two Things That Control Access:
1) Roles → Your default access everywhere
A role defines what someone can do across the whole Caplena workspace.
Think of a role as your “driving license type”, it gives broad permissions. 
What roles decide:
-
Can the user upload projects?
-
Edit topics and answers?
-
Create reports?
-
Spend credits on AI operations?
-
Manage the team or subscription?
Examples:
-
Someone with Admin can access everything.
-
Someone with Reporting Only can access only reports that are explicitly shared.
Roles = your baseline abilities across the whole organization.
You can find more information on roles here.
2) Object-Level Permissions → Extra access to a specific project or report
These permissions are added individually to:
-
one project
-
one report
Example:
A freelancer has a very restricted role (External Coder), but you give them access to 1 specific project. They will see only that project, nothing else.
Object permissions can only ADD access they never remove what a role already provides.
You can find more information on project permissions here.
How the Two Types Work Together
Caplena evaluates access in this order:
-
Role → global abilities
-
Object-Level Permissions → extra access
-
Permissions cannot restrict the role
-
Access to a project automatically includes access to the reports inside it
This combined model gives you:
-
simplicity for admins
-
flexibility for collaboration
-
safety when sharing reports externally