Roles & Permissions
Roles define what users can do in Stratos. This article provides a detailed reference for each built-in role and the specific permissions it grants.
Built-in Roles
Section titled “Built-in Roles”Viewer
Section titled “Viewer”Read-only access across the platform.
| Area | Permission |
|---|---|
| Screens | View screens and their status. Cannot authorize, edit, or send commands. |
| Layouts | View published layouts. Cannot create or edit. |
| Playlists | View playlists. Cannot create or edit. |
| Schedules | View schedules. Cannot create or edit. |
| Media | View media library. Cannot upload, edit, or delete. |
| Reports | View reports and proof of play. |
| Users | Cannot access user management. |
Editor
Section titled “Editor”Can create and edit content.
| Area | Permission |
|---|---|
| Screens | View screens. Cannot authorize or send commands. |
| Layouts | Create, edit, and publish layouts. |
| Playlists | Create and edit playlists. |
| Schedules | Create and edit schedules. |
| Media | Upload, edit, and organize media. Cannot delete. |
| Reports | View reports. |
| Users | Cannot access user management. |
Manager
Section titled “Manager”Full content control plus screen management.
| Area | Permission |
|---|---|
| Screens | Authorize, edit, and send commands to screens. |
| Layouts | Full layout management. |
| Playlists | Full playlist management. |
| Schedules | Full schedule management, including overrides. |
| Media | Full media management including delete. |
| Reports | View and export reports. |
| Users | Cannot manage users or roles. |
| Folders | Create and manage folders within granted access. |
Operator
Section titled “Operator”Focused on day-to-day screen operations.
| Area | Permission |
|---|---|
| Screens | View status, send commands (Collect Now, Restart, Reboot), request screenshots. |
| Layouts | View only. |
| Playlists | View only. |
| Schedules | View only. |
| Media | View only. |
| Reports | View proof of play and uptime reports. |
| Users | Cannot access user management. |
Administrator
Section titled “Administrator”Unrestricted access.
| Area | Permission |
|---|---|
| All content | Full management of screens, layouts, playlists, schedules, and media. |
| Users | Invite, edit, and remove users. Create and edit roles. |
| System | Configure system settings, navigation overrides, and integrations. |
| Billing | View and manage account billing (if applicable). |
Custom Roles
Section titled “Custom Roles”Administrators can create custom roles that combine specific permissions. See Managing Roles for details.
Permission Inheritance
Section titled “Permission Inheritance”When a user has multiple roles, their effective permissions are the union of all role permissions. If one role grants “edit layouts” and another grants “delete media,” the user can do both.
Folder Grants
Section titled “Folder Grants”Roles determine what you can do. Folder grants determine where you can do it. Even with the Manager role, you can only manage content in folders you have access to.
Related
Section titled “Related”- Inviting Users — add users and assign roles.
- Managing Roles — create custom roles.
- Understanding Permissions — how roles and folders combine.
- Access Management — the user and role management page.