Permissions and Plan Features
Understand why a user can see, manage, or be locked out of a workspace capability.
Two gates
A permission grants an action to a user. A plan feature makes the module available to the workspace. Both must allow access, and the subscription must be active.
| Module | View | Manage/action |
| --- | --- | --- |
| Analytics | analytics:view | — |
| Events | events:view | events:assess |
| Reviews | reviews:view | reviews:manage, feedback:submit |
| Policy | policy:view | policy:manage |
| Graph | graph:view | graph:pii |
| Threat Intel | threat_intel:view | threat_intel:manage |
| Developer Settings | developer_tools:view | developer_tools:manage |
| Audit Logs | audit_logs:view | — |
| Billing | billing:view | billing:manage |
| Team | users:view, roles:view, departments:view | matching :manage or users:invite |
Troubleshoot access
Check subscription status, plan feature, effective permission, user active status, and invitation status—in that order. A 403 is a permission failure; 402 is subscription or usage related.