This guide breaks down all the user roles and permissions available, so you can easily see what each role can access or change. You’ll also find a handy overview of each role and links to step-by-step instructions if you need to make changes. We’ve built our system on industry best practices—including SOC 2 and ISO 27001—so you can feel confident your data’s in good hands.
Covered in this article:
Role Capabilities by Permission
Here’s a breakdown of each role and the actions they’re permitted to perform in Rewind:
| Action / Permission | Organization Owner |
Organization Admin |
Integration Admin |
Read‑Only |
|---|---|---|---|---|
| Manage Access | ||||
| Add / remove users | Yes | Yes | No | No |
| Assign / change roles | Yes | Yes | No | No |
|
Configure organization settings (including SSO) |
Yes | Yes | No | No |
| Transfer organization ownership | Yes | No | No | No |
| Subscription & Billing | ||||
| Link / unlink integrations | Yes | Yes | No | No |
| Manage billing & subscriptions | Yes | Yes |
No (Yes if Shopify) |
No |
| Audit & Compliance | ||||
| Perform data exports | Yes | No | No | No |
| View Audit Log | Yes | Yes |
Yes (assigned only)* |
Yes (assigned only)* |
| Export Audit Log | Yes | Yes |
Yes (assigned only)* |
Yes (assigned only)* |
| Manage Integrations | ||||
| Access all integrations | Yes | Yes | No | No |
| Configure integration settings | Yes | Yes |
Yes (assigned only)* |
No |
| View backup data | Yes | Yes |
Yes (assigned only)* |
No |
| Perform item‑level restore | Yes | Yes |
Yes (assigned only)* |
No |
| Perform advanced restore | Yes | Yes |
Yes (assigned only)* |
No |
| Perform Manual Backup | Yes | Yes |
Yes (assigned only)* |
No |
| Monitor backup status / history | Yes | Yes |
Yes (assigned only)* |
Yes (view only) |
*assigned only means the user with this permission can access only the data, actions, or pages for the specific integrations where they have been assigned as an admin. They will only be able to view or perform actions for those integrations, not for others in the organization.
Role Descriptions
Each role in Rewind is designed to support different responsibilities within your team:
-
Organization Owner: Has full access to all settings, billing, integrations, users, and backup data across the entire organization. This is the highest level of access in Rewind and is the only role that can transfer ownership or export data. There can only be one Organization Owner.
-
Organization Admin: Can manage users, configure settings, and perform most actions except transferring organization ownership. Ideal for trusted team members who help manage Rewind day to day.
-
Integration Admin: Has limited access, focused only on assigned integrations. This role is useful for technical users or team members managing backups for specific platforms (e.g., Shopify, GitHub).
- Read-Only: Can view assigned integrations and their backup history but cannot make any changes. This role is best for auditors or team members who need visibility but not access control.
Best practice:
To prevent loss of access and keep your backups running smoothly, set up a dedicated service account for your organization:
- Invite a new user to Rewind using a shared, consistently available email address (not tied to any one individual).
- Assign this account the Organization Owner role.
- Use this account for all important Rewind admin tasks.
Related Articles
The following articles provide step-by-step instructions for common tasks related to user roles and permissions:
How to assign or change user roles
How to invite additional members to your Rewind Organization
How to Transfer Rewind Organization Ownership
FAQs: User roles and permissions (Role-Based Access Control)
These resources can help if you're looking to update access for a team member, better understand what each role can do, or resolve questions about permissions.
Need More Help?
If you have questions or need assistance, reach out to help@rewind.com or submit a request. We’re here to help!