Assign and change roles

Change a member's role from People page action menu. Effect is immediate. Audited. Roles are per-workspace.

Written By Salvatore Sinigaglia

Last updated About 5 hours ago

Change a member's role from People page action menu. Effect is immediate. Audited. Roles are per-workspace.

Assign and change roles

Open Settings β†’ Team β†’ People, find the member, click the action menu (three dots) β†’ Change role β†’ pick the new role β†’ confirm. The change is immediate and recorded in the audit log. Roles are per-workspace β€” the same user can be Owner here and Viewer elsewhere.

Who is this for

Admins promoting a teammate, demoting a former contractor, or restructuring after a reorg.

Before you start

  • You need a role with team-write access: admin, owner, or super_admin
  • Be confident in the target role β€” see full roles reference
  • The change takes effect immediately on their next page navigation β€” coordinate with them if it's a sensitive transition

How to change a role

Step 1: Open People page

Navigate to Settings β†’ Team β†’ People. Find the member's row (search by name or email if needed).

Step 2: Open action menu

Click the three-dot icon at the right of the row. The menu opens with options including Change role.

Step 3: Pick the new role

A dialog opens with:

  • Current role: their existing role
  • New role: dropdown of assignable roles

The assignable roles are owner, manager, mediabuyer, finance, viewer. admin and super_admin are Wevion-staff platform roles and are never assignable from this surface. You can only grant a role at or below your own level β€” for example, an owner can nominate a co-owner, but a manager can grant everything except owner.

Step 4: Confirm

Click Confirm role change. The backend updates the member's role and records an audit log entry with action member.role-change (metadata includes the previous and new role).

Step 5: They see the change

The next time they navigate in the app, their UI re-renders with the new permissions. If they were viewing something they no longer have access to, a toast appears: "Permission changed β€” refresh" and the page reloads.

Role hierarchy reminder

super_admin (100)  ────  Org-wide, set at Organization level (not workspace)        ↓admin       (90)   ──┐                     β”‚ Per workspaceowner       (80)   ─── (one user can hold different roles in different workspaces)                     β”‚manager     (70)   ───                     β”‚mediabuyer  (60)   ───                     β”‚finance     (50)   ───                     β”‚viewer      (40)   β”€β”€β”˜

Anyone with admin (90) or higher can manage roles within their workspace. super_admin can manage roles across all workspaces in the Org.

Promoting to owner

Owner is the only role that holds billing rights within a workspace. Many workspaces have just one owner (the founder or finance lead). Multiple owners = shared billing access.

If you want to transfer workspace ownership (one owner replacing another), use the dedicated flow: transfer workspace ownership β€” it's a different operation with extra safeguards (cannot leave a workspace without an owner).

If you want to add an owner alongside existing one(s), use the regular Change role flow. The number of owners isn't capped.

Demoting an owner

The same Change role flow. Constraint: at least one owner must remain per workspace. If you try to demote the last owner, the backend blocks with: "Cannot leave workspace without an owner".

To replace the only owner: first promote someone else to owner, then demote the original.

Cross-role audit trail

Every role change is recorded in the audit log with the action member.role-change. The entry captures who was changed, who made the change, and the previous and new role in its metadata.

View at Settings β†’ Team β†’ Audit Log (filter by member.role-change). See audit log article for the full schema and filters.

Bulk role changes

The People page supports bulk selection: tick multiple rows β†’ toolbar shows actions β†’ Change role β†’ apply same new role to all selected.

Useful for offboarding waves or onboarding a class of new contractors with the same role.

What you'll see

After a successful role change:

  • The role column on the row updates immediately (e.g. viewer β†’ mediabuyer)
  • A toast: "Role updated"
  • An audit log entry visible at /settings/team/audit-log
  • The affected user sees a permission-changed toast on their next navigation

Common issues

  • Role you want isn't in the dropdown: admin and super_admin are Wevion-staff roles and are never assignable from the People page. You can also only grant a role at or below your own level.
  • "At least one owner required": you tried to demote the last owner. Promote someone else first, then demote.
  • User still seeing old permissions after change: they need to refresh or navigate to a new page. The change is server-side immediate, but the React app caches some checks until next navigation.
  • Error: "Insufficient permissions": your role lacks team-write. Ask an admin or owner to make the change.
  • Cannot change own role: by design (prevents self-locking). Ask another admin to change yours.

Permission re-evaluation timing

Backend permission checks happen on every API request. Frontend permission checks (button enable/disable, sidebar items visibility) happen on:

  • Initial page load (cached)
  • Route change (recomputed)
  • Force refresh (Cmd+Shift+R)

So a fresh role takes effect on next page load. There's no "kick out" β€” if the user is mid-edit on something they no longer have access to, they get a friendly toast and a redirect.

FAQ

How do I change a member's role in Wevion?

Open Settings β†’ Team β†’ People, find the member, click the three-dot action menu, choose Change role, pick the new role, and confirm. Wevion updates the membership and records an audit entry (member.role-change). The dropdown offers owner, manager, mediabuyer, finance, and viewer β€” admin and super_admin are Wevion-staff roles and are never assignable here β€” and you can only grant a role at or below your own level.

Does a role change take effect immediately?

The change is server-side immediate and audited: Wevion's backend permission checks run on every API request. In the frontend, the affected user's UI re-renders with the new permissions on their next page navigation, and if they're viewing something they no longer have access to, they get a "Permission changed β€” refresh" toast and the page reloads.

Can I demote the last owner of a workspace?

No. Wevion requires at least one owner per workspace, so demoting the last owner is blocked with "Cannot leave workspace without an owner." To replace the only owner, first promote someone else to owner via Change role, then demote the original. The number of owners isn't capped, so you can also add owners.

Can I change my own role in Wevion?

No. By design, Wevion prevents you from changing your own role to avoid self-locking. If you need your role changed, ask another admin or owner to do it from the People page. Changing roles requires a role with team-write access β€” admin, owner, or super_admin β€” otherwise you'll see "Insufficient permissions."

Where are role changes recorded?

Every role change is recorded in Wevion's audit log with action member.role-change, capturing the previous role, the new role, and who made the change. View it at Settings β†’ Team β†’ Audit Log and filter by member.role-change. The People page also supports bulk selection, so you can apply one new role to several members at once.

FAQ

How do I change a member's role in Wevion?

Open Settings β†’ Team β†’ People, find the member, click the three-dot action menu, choose Change role, pick the new role, and confirm. Wevion updates the membership and records an audit entry (member.role-change). The dropdown offers owner, manager, mediabuyer, finance, and viewer β€” admin and super_admin are Wevion-staff roles and are never assignable here β€” and you can only grant a role at or below your own level.

Does a role change take effect immediately?

The change is server-side immediate and audited: Wevion's backend permission checks run on every API request. In the frontend, the affected user's UI re-renders with the new permissions on their next page navigation, and if they're viewing something they no longer have access to, they get a "Permission changed β€” refresh" toast and the page reloads.

Can I demote the last owner of a workspace?

No. Wevion requires at least one owner per workspace, so demoting the last owner is blocked with "Cannot leave workspace without an owner." To replace the only owner, first promote someone else to owner via Change role, then demote the original. The number of owners isn't capped, so you can also add owners.

Can I change my own role in Wevion?

No. By design, Wevion prevents you from changing your own role to avoid self-locking. If you need your role changed, ask another admin or owner to do it from the People page. Changing roles requires a role with team-write access β€” admin, owner, or super_admin β€” otherwise you'll see "Insufficient permissions."

Where are role changes recorded?

Every role change is recorded in Wevion's audit log with action member.role-change, capturing the previous role, the new role, and who made the change. View it at Settings β†’ Team β†’ Audit Log and filter by member.role-change. The People page also supports bulk selection, so you can apply one new role to several members at once.

Steps

  1. Navigate to Settings β†’ Team β†’ People. Find the member's row (search by name or email if needed).
  2. Click the three-dot icon at the right of the row. The menu opens with options including Change role.
  3. A dialog opens with: Current role: their existing role New role: dropdown of assignable roles The assignable roles are owner, manager, mediabuyer, finance, viewer. admin and super_admin are Wevion-staff platform roles and are never assignable from this surface. You can only grant a role at or below your own level β€” for example, an owner can nominate a co-owner, but a manager can grant everything except owner.
  4. Click Confirm role change. The backend updates the member's role and records an audit log entry with action member.role-change (metadata includes the previous and new role).
  5. The next time they navigate in the app, their UI re-renders with the new permissions. If they were viewing something they no longer have access to, a toast appears: "Permission changed β€” refresh" and the page reloads.

Last updated: 2026-05-17