Roles & Permissions: Deep Dive

Last updated: February 18, 2026

User roles in OnRamp define what someone can see, create, configure, and manage across the platform.

Choosing the right role ensures:

  • Clean governance

  • Proper data access

  • Controlled automation permissions

  • The right balance between autonomy and oversight

Below is a detailed breakdown of each role and how to use them strategically.

๐Ÿ” Internal User Roles

Internal users require an OnRamp license and have access to the full application interface.

๐Ÿ† Super Admin

Best for: CS Leadership, Operations, IT

What They Can Do

  • Full platform access

  • Manage users and roles

  • Configure integrations (CRM, Zapier, Webhooks, SSO)

  • Manage Data Fields, Task Roles, Tags

  • Create and manage Workflows

  • Build and publish Playbooks

  • Access all project data

When to Use It

Reserve this role for:

  • System owners

  • Technical administrators

  • Platform decision-makers

๐Ÿ’ก Best Practice: Limit Super Admin access to only those who truly need system-level control.

๐Ÿ”Œ Integrator

Best for: CS Ops, RevOps, IT

What They Can Do

  • Configure CRM integrations

  • Manage Webhooks and API connections

  • Publish Project Automation workflows

  • Maintain integration settings

What They Cannot Do

  • Create or own projects

  • Operate as a project contributor

When to Use It

Ideal for technical operators who manage system connectivity but are not directly onboarding customers.

๐Ÿ›  Creator

Best for: Onboarding Leads, CSMs

What They Can Do

  • Create and manage projects

  • Build and edit playbooks

  • Manage modules and tasks

  • Configure project-level automations

  • Own and complete project work

What They Cannot Do

  • Manage users

  • Configure platform-level settings

  • Manage integrations

When to Use It

Your primary operational team โ€” the people actively delivering onboarding and implementation.

๐Ÿค Collaborator

Best for: Onboarding Specialists, Exec Stakeholders

What They Can Do

  • Participate in assigned projects

  • Complete tasks

  • Comment and communicate

  • View project data

What They Cannot Do

  • Create new projects

  • Edit playbooks

  • Manage settings

When to Use It

Internal contributors who support onboarding but do not need system configuration access.

๐Ÿงฉ Contributor

Best for: Cross-Functional Stakeholders

What They Can Do

  • Complete assigned tasks

  • Interact within the scope of assigned work

What They Cannot Do

  • View unrelated projects

  • Access platform configuration

  • Create or manage projects

When to Use It

For limited-access participants โ€” finance, legal, product, or other teams who only need task-level involvement.

๐Ÿ‘ฅ Customer Users (Project Members)

Customer Users:

  • Do not require an OnRamp license

  • Access only the Customer Portal

  • Can only see projects they are invited to

They can:

  • Complete tasks

  • Upload files

  • Leave comments

  • View portal content

They cannot:

  • Access platform configuration

  • View internal-only tasks

  • See other customer accounts

Customer Users are strictly project-scoped.

๐Ÿง  Role Strategy: How to Choose Wisely

Use Super Admin sparingly

This role controls your entire system.

Default to Creator for delivery teams

Most onboarding professionals fall here.

Use Integrator for technical connection ownership

Keep CRM access separated from delivery teams when possible.

Use Collaborator for visibility without creation power

Great for leadership observers.

Use Contributor for narrow, task-specific involvement

๐Ÿ”„ How Roles Impact Automation & Workflows

Certain actions require elevated permissions:

Capability

Required Role

Configure CRM integrations

Integrator or Super Admin

Publish Workflow automation

Integrator or Super Admin

Create playbooks

Creator+

Manage users

Super Admin

Update project settings

Creator+

If someone cannot perform an action, verify their assigned role first.

๐Ÿ”Ž Auditing & Governance Best Practices

  • Review user roles quarterly

  • Remove unused Super Admins

  • Deactivate users who leave the company

  • Assign roles based on responsibility โ€” not title

๐Ÿšจ Common Misunderstandings

โ€œCreator means full access.โ€
Not true. Creators cannot manage users or system settings.

โ€œCustomer users can see all projects for their company.โ€
They only see projects they are explicitly added to.

โ€œIntegrator can run projects.โ€
No โ€” Integrator is for system connectivity, not delivery work.

๐Ÿ“Œ Summary

Roles in OnRamp are designed to:

  • Protect platform integrity

  • Enable operational autonomy

  • Separate technical control from delivery execution

  • Maintain secure customer access

Choosing the right role isnโ€™t just administrative โ€” itโ€™s strategic.