Sixtyfour uses role-based access control (RBAC) to manage what organization members can see and do. Every member is assigned one of three roles: Member, Admin, or Owner.
| Role | Inherits from | Typical use |
|---|
| Member | — | Developers and end users running API calls, or using the platform’s Agent |
| Admin | Member | Team leads managing keys, billing, and webhooks |
| Owner | Admin | Billing and IT administrators with full org control |
Each role is additive — Admins have everything Members have, and Owners have everything Admins have.
Permission reference
The table below lists every permission and which roles hold it.
| Permission | Member | Admin | Owner |
|---|
org:read | ✓ | ✓ | ✓ |
org:write:rename | | | ✓ |
org:write:support | | | ✓ |
members:read | ✓ | ✓ | ✓ |
members:write:invite | | ✓ | ✓ |
members:write:role | | | ✓ |
members:write:remove | | | ✓ |
oauth:read | ✓ | ✓ | ✓ |
oauth:write | | ✓ | ✓ |
webhooks:read | ✓ | ✓ | ✓ |
webhooks:write | | ✓ | ✓ |
keys:read | ✓ | ✓ | ✓ |
keys:write | | ✓ | ✓ |
billing:read | ✓ | ✓ | ✓ |
billing:write | | ✓ | ✓ |
usage:read | ✓ | ✓ | ✓ |
logs:read | | ✓ | ✓ |
logs:export | | ✓ | ✓ |
agent:read | ✓ | ✓ | ✓ |
agent:write | | ✓ | ✓ |
data:read | ✓ | ✓ | ✓ |
data:write | ✓ | ✓ | ✓ |
integrations:write | ✓ | ✓ | ✓ |
Member
The default role for anyone invited to an organization.
| Permission | Description |
|---|
org:read | View organization details |
members:read | View the member list |
oauth:read | View OAuth client configurations |
webhooks:read | View webhook configurations |
keys:read | View that API keys exist (not the key value) |
billing:read | View billing information and invoices |
usage:read | View usage dashboards and credit balance |
agent:read | View agent configurations |
data:read | Read enrichment and search data |
data:write | Run enrichment and search requests |
integrations:write | Manage third-party integrations |
API key values are only visible at generation time. keys:read confirms a key exists — it does not expose the key value.
Admin
Admins have all Member permissions, plus the ability to manage team access and account configuration.
| Permission | Description |
|---|
members:write:invite | Invite new members to the organization |
keys:write | Create and revoke API keys |
oauth:write | Create and manage OAuth clients |
webhooks:write | Create and manage webhooks |
billing:write | Update billing details and payment methods |
logs:read | View detailed API call logs |
logs:export | Export API logs as CSV |
agent:write | Create and update agent configurations |
Owner
Owners have all Admin permissions, plus organization-level controls that affect membership structure and account identity.
| Permission | Description |
|---|
members:write:role | Change a member’s role |
members:write:remove | Remove members from the organization |
org:write:rename | Rename the organization |
org:write:support | Manage support access and settings |
Only an existing Owner can promote another member to Owner or remove an Owner from the organization. Assign this role carefully.
Manage role assignments
Role assignments are managed from the organization settings page in the Sixtyfour app.
- Go to Organization settings.
- Open the Team Members section.
- Change a member’s role or remove them from the organization.
You need members:write:role to change roles and members:write:remove to remove members — both held by Owners only. Admins can invite new members but cannot change existing roles. 
