Roles

DB AI Magic has two kinds of accounts — Admins and Employees — with several specific roles inside each. Together they let you grant exactly the access each teammate needs, no more.

Two kinds of accounts

Every account in DB AI Magic is either an Admin or an Employee:

Admin— the people who own the organisation. Sign in with Google. Manage connections, billing, and invite other teammates.
Employee— teammates invited by an admin. Sign in with email + password (or an employee code). Get exactly the permissions an admin grants — nothing more.

How roles work

Inside each account kind there are specific rolesthat describe seniority and scope:

Admin accounts can be Super Admin or Admin.
Employee accounts can be Editor, Viewer, or one of six SQL/NoSQL operator levels (junior, senior, expert).

Roles set the defaults. From there an admin layers on per-connection access and per-feature toggles to fine-tune further. See Role Reference for the complete list.

Three permission tiers

Every action in DB AI Magic is permitted only if all three tiers agree:

Role default — what this role can normally do (e.g. an Editor can write SQL; a Viewer cannot).
Feature flag — whether the feature is enabled for this teammate at all (Reports, Datasets, Dashboards, AI Dashboards, AI Provider Keys).
Resource access — which specific connections, databases, tables or individual reports they can see.

Start permissive, then tighten

It's easiest to give a new teammate a broad role first, then narrow connections / resources after watching them work for a day or two. Removing access is one click.

Where to go next

Open Role Referencefor the full list of roles with the typical permissions each one ships with, or jump to the Roles & Invitations area inside Admin Settings to create your first employee.