Account

Roles & Permissions

Lighthouse has two permission layers: org-level roles (admin vs member) and per-resource access control on individual data sources and metrics.

Note

The "role" question asked during onboarding (e.g. Data Engineer, Business Analyst) is a survey field about your job function. It has no effect on permissions or feature access.

Org-level roles

Every user in your Lighthouse organization has one of two roles:

Role	What they can do
Admin	Manage billing and subscription, configure org settings, connect external AI APIs (BYOK), and bypass resource-level access controls. Admins can see and edit all data sources, datasets, and metrics regardless of ACL settings.
Member	Create and manage the resources they have access to. Subject to per-resource access control lists (see below). Cannot access billing, org settings, or admin-only resources.

Org roles are managed in your Lighthouse organization settings. The person who creates the organization is automatically an admin.

Metric access control

Each metric has its own access level setting for view and edit independently (see the General section of the metric editor). Three options:

Access level	Who has access
Everyone	All org members. Default for new metrics.
Owner	Only the metric creator and the user assigned as metric owner. Org admins always have full access regardless of this setting.
Selected people	Specific users you add to the viewer or editor lists.

Access levels are configured in the Access Control accordion inside the General section of the metric editor.

Note

The middle option is labeled Owner in the metric editor UI (not "Admins only"). It restricts access to the metric's creator and the user assigned in the Owner field — not org-level admins. Org admins always bypass ACL checks regardless of this setting.

Viewer and editor lists

When a metric or data source is set to Selected users, you can add individual users to two lists:

List	Permissions
Viewers	Can see the metric, its alert history, and trend charts. Cannot edit the metric configuration.
Editors	Can see and fully edit the metric — change thresholds, schedule, segments, and notification settings.

Note

Org admins always have full access to all resources regardless of these lists. The access control settings only restrict non-admin members.

Enterprise permissions

The full permissions and roles system — including resource ACL configuration and viewer/editor lists — is included in the Enterprise plan. If you're on a paid plan and don't see access control options in the metric editor, contact support.

See the Plans & Billing page for a full feature comparison.

← Slack Integration Plans & Billing →