Truffle uses three layers of access control to help you manage who can see and do what in your account. Organization roles control account-wide permissions, job roles determine access to specific jobs, and teams let you assign groups of people to multiple jobs at once.
This article explains how these three systems work together and provides examples of common setups.
The three layers of access control
Organization roles
Organization roles control what users can do across your entire Truffle account. There are four org-level roles:
Owner: Full control of Truffle including billing, security, integrations, and users. Always has access to all jobs and candidate data.
Admin: Help manage users, teams, and jobs. Manage most settings and reporting. Typically see all jobs by default (based on your organization policy).
Member: Standard workspace user who can create jobs and manage candidates on jobs they're added to. No access to billing or global settings.
Viewer: Restricted stakeholder access. Only see jobs they're explicitly added to. Can view candidates and activity but cannot perform billing, settings, or destructive actions.
Your organization role determines your baseline permissions. You'll always have at least this level of access, even if you're not specifically added to a job.
Job roles
Job roles control what you can do within a specific job. There are four job-level roles:
Job Owner: Full control of the job including settings, questions, and team access.
Collaborator: Can review candidates, add notes, and change candidate statuses.
Reviewer: Can view candidates and add notes, but cannot change statuses.
Viewer: Read-only access to candidates and job details.
Job roles only apply to the specific jobs you're assigned to. You can have different roles on different jobs.
Teams
Teams are groups of people you can assign to multiple jobs at once. Instead of adding collaborators one by one to each job, create a team and assign the whole team with a single click.
Example: Create an "Engineering Hiring Team" with your engineering manager, tech lead, and senior engineers. Assign this team to all engineering jobs so everyone automatically gets access.
Teams make it easy to manage permissions at scale, especially when multiple people need access to multiple jobs.
How the layers work together
Your access to any job is determined by combining your organization role with your job role.
Access hierarchy
The system follows this hierarchy:
Organization role sets your baseline permissions across the account.
Job role determines what you can do in specific jobs you're added to.
Teams provide a shortcut for assigning job roles to groups of people.
Example scenarios
Small startup with 3 people
CEO: Owner role (manages billing and account settings).
HR Lead: Admin role (creates jobs, manages team members, sees all jobs).
Hiring Manager: Member role (creates jobs for their department, reviews candidates).
Everyone can collaborate easily since Admins see all jobs by default.
HR team and hiring managers
HR Team: Admin role with a team called "HR Recruiters" that gets Collaborator access to all jobs.
Department Managers: Member role, added as Job Owners to jobs in their department.
Interview Panel Members: Member role, added as Reviewers to specific jobs they're helping with.
This setup gives HR visibility across all hiring while limiting managers to their own jobs.
Agency with multiple clients
Agency Owner: Owner role (manages billing and security).
Recruiters: Member role, each recruiter owns jobs for their assigned clients.
Client Stakeholders: Viewer role, added to their specific jobs only with Viewer job access.
This keeps client data separated while giving the agency full control over the account.