We value your privacy

We use necessary cookies to run the site and, with your consent, analytics and marketing cookies to improve it. You can change your choice anytime. Privacy Policy

  • Security
  • Pricing
Book a scoping call
  1. Help Center
  2. Admin & security
  3. Roles and permissions
Browse categories
Getting started
Shield Control
Shield Web
Policies & presets
Compliance & frameworks
Admin & security
  • Domain verification and join modes
  • Privacy and data handling
  • Roles and permissions
Troubleshooting
FAQ
Getting started
Shield Control
Shield Web
Policies & presets
Compliance & frameworks
Admin & security
  • Domain verification and join modes
  • Privacy and data handling
  • Roles and permissions
Troubleshooting
FAQ

Roles and permissions

Updated July 5, 2026·1 min readAll plans

Shield Control uses four roles, designed so security work, audit work, and administration can be separated cleanly.

The four roles

  • Admin — everything: organization settings, billing, users, policies, audit.
  • Security — writes policies and works Discovery and the audit log, without touching org administration.
  • Auditor — read access plus exports. Made for compliance reviews: sees everything, changes nothing.
  • Member — self-service only: their own profile and consent settings.

A role is assigned when you invite someone; people who join automatically via your verified domain start as Member, and whoever created the organization is its first Admin.

Changing a role

  1. Open Users & Roles.
  2. In the member's row menu, select Edit role.
  3. Pick the new role and save.

The row menu is also where Remove member lives.

Note: the number of admin seats is plan-dependent (Starter 1, Business 5, Enterprise unlimited). If a role change would exceed the limit, Shield tells you instead of failing silently.

Was this article helpful?

Related articles

Invite your team

Invite members by email from Users & Roles, track open invitations, and handle join requests from your verified domain.

Read article

Domain verification and join modes

Verify your company domain via DNS TXT record or email, then choose how sign-ups from that domain join: automatically, by approval, or invite-only.

Read article

Privacy and data handling

What admins can see about employees' AI usage, the privacy controls that govern it, and how long audit data is retained.

Read article

Still stuck?

Send us the details — we answer within one business day.

Contact support

On this page

  • The four roles
  • Changing a role

Subscribe to our newsletter

Product and governance updates — see our privacy policy.

AI security and control for every model your team uses.

Built in Dubai. Designed for teams operating across regions, models, and regulatory environments.

  • Product

    • Shield Web
    • Shield Control
    • Shield Desktop
    • Shield Mobile
    • Pricing
    • Download
  • Solutions

    • For CISOs
    • For Operations
    • For AI Teams
  • Use Cases

    • AI Governance
    • AI Agent Security
    • LLM Access Control
    • Secure AI Deployment
    • Enterprise Operations
    • Financial Services
  • Resources

    • Help Center
    • Blog
    • Guides
    • Glossary
    • Changelog
    • AI Risk Calculator
    • Compare
    • FAQ
  • Company

    • About
    • Careers
    • Security & Trust
    • Contact
  • Legal

    • Legal
    • Privacy
    • Terms
    • GDPR / DPA

© 2026 Qadar AI. All rights reserved. EU data residency available for Enterprise customers.