Roles & Permissions

Wire uses role-based access control (RBAC) to manage permissions within organizations. Each member has a role that determines what actions they can perform.

Roles Overview

Role	Description
Owner	Full control over the organization
Admin	Manage members, containers, and billing
Member	Full container management, read-only org settings

Owner

The owner has complete control over the organization.

Permissions:

Create, read, update, and delete the organization
Manage all members (invite, remove, change roles)
Access billing and subscription settings
Full container management including admin operations
Container Management page: view all org containers, pause, delete, manage sharing
Configure organization-wide settings

Notes:

The user who creates an organization is automatically the owner
Organizations can have multiple owners
There must always be at least one owner

Admin

Admins can manage team members and containers but cannot modify organization-level settings.

Permissions:

View organization details
Invite new members
Remove members (except owners)
Change member roles (except to/from owner)
Full container management including admin operations
Container Management page: view all org containers, pause, delete, manage sharing
Access billing settings

Cannot:

Update organization name or settings
Delete the organization
Remove or demote owners

Member

Members can create and manage their own containers, upload files, and trigger analysis. They can only access containers they created or were explicitly shared with.

Permissions:

View organization details and member list
Create containers
Upload and delete files in containers they have editor or admin access to
Update container name and description
Trigger analysis
Trash and restore containers
Invite new members
Use MCP tools on accessible containers
View billing balance (read-only)

Cannot:

See containers created by others (unless shared)
Upload files to containers without an explicit editor or admin grant
Pause or unpause containers
Change container visibility
Change analysis cadence
Permanently delete containers
Migrate containers to another organization
Access the Container Management page
Change member roles
Modify organization settings
Purchase credits or configure billing

Organization-Level Container Permissions

These permissions apply at the organization level, regardless of container grants:

Action	Owner	Admin	Member
Create containers	✓	✓	✓
Container Management page	✓	✓	✗
Pause / unpause	✓	✓	✗
Change visibility	✓	✓	✗
Change analysis cadence	✓	✓	✗
Permanently delete	✓	✓	✗
Migrate to another org	✓	✓	✗

Container-Level Access

Visibility

Containers have two visibility settings:

Private - Only the creator and people with explicit grants can access
Public - Anyone with the MCP URL can read (no authentication required)

Container Grants

Containers use a separate permission layer from organization roles. When you share a container with someone, you assign a container-level permission:

Container Permission	Access
Viewer	View, search, explore
Editor	Viewer permissions, plus write, delete, upload files, analyze
Admin	Full access including settings and sharing

The container creator automatically gets admin permission. Organization owners and admins can see all containers for billing and usage purposes, but need an explicit grant to edit containers they didn’t create.

See Sharing Containers for a step-by-step guide.

Inviting Members

Go to Organization Settings
Click Members
Click Invite Member
Enter email and select role
Click Send Invitation

The invited user will receive an email with a link to join your organization.

Changing Roles

Go to Organization Settings → Members
Find the member
Click on their current role
Select the new role

Removing Members

Go to Organization Settings → Members
Find the member
Click Remove
Confirm removal

Removing a member immediately revokes their access to all containers in the organization.