Skip to main content

Overview

Urumi gives you fine-grained control over who can do what on a site. Every collaborator has a set of permissions, and every action in the dashboard — deploying to production, editing environment variables, inviting a teammate — is tied to a specific permission.

Most of the time you'll pick a role for each collaborator. A role is a ready-made package of permissions designed around how people typically work:

  • Owner — created the site and has full control
  • Admin — trusted day-to-day operator
  • Editor — developer or merchandiser working on the site
  • Viewer — can see everything but not change anything
  • Data Analytics — analyst who needs Analytics access on top of view-only

If none of these fit, pick Custom and tick exactly the permissions you want to grant. See Roles & permissions for the full breakdown of what each role can do.

What you'll see in the dashboard

Permissions shape the dashboard for every collaborator:

  • Buttons for actions you can't perform appear greyed out with a tooltip explaining why. You'll never click something only to be told you couldn't do it.
  • Tabs that don't apply to your role (for example, the Analytics tab if you don't have Analytics access) are hidden from the sidebar.
  • If something does slip through and you try to perform an action you don't have permission for, you'll get a clear message — no cryptic error codes.

Who can manage members

Anyone with the Manage Members permission can invite collaborators, remove them, and adjust their permissions. By default that's Owner and Admin, but you can grant it to anyone with a Custom role.

Manage Members is broad: anyone who holds it can invite collaborators at any role short of Owner, adjust any non-Owner collaborator's permissions to any combination they want, and remove anyone except the Owner. The only things off-limits are promoting someone to Owner and granting Owner-only permissions (Site settings, Custom domains, GitHub integration) — those stay with whoever owns the site.

The Inviting collaborators page walks through the full flow.

Owner-only actions

Three things stay tied to whoever owns the site, no matter what role anyone else has:

  • Site settings — name, status, advanced configuration
  • Custom domains — connecting, validating, activating a domain
  • GitHub integration — connecting or disconnecting the repository

These are ring-fenced because they change the identity of the site — who pays for it, where its traffic goes, where its source code lives. If you need to hand them off, contact Urumi support.

Customising a collaborator's permissions

The preset roles are starting points. From the Team page, click a collaborator's row to expand it and tick permissions on or off individually. The role label automatically becomes Custom the moment your selection stops matching a preset, and snaps back to a preset name if you land on an exact match. This is how you grant something narrow like "let this Editor also clear cache" without promoting them to Admin.

The same Owner-only boundary applies — you can't tick Site settings, Custom domains, or GitHub integration. Everything else is fair game if you hold Manage Members. A small set of view permissions (Overview, Logs, Team, Settings, Deploy, Workspaces, Domains, Env Variables) is always on — these are what keeps the dashboard navigable for every collaborator and they can't be turned off.

Editing your own permissions

If you have Manage Members, you can edit your own row too. This is useful when you want to narrow your own access — for example, a developer who'd rather not have the ability to clear production cache by accident can untick that permission on themselves.

The Owner is the only exception — the site's Owner can't edit themselves out of being the Owner. If the Owner needs to hand off the site, contact Urumi support.