Roles and Permissions
How access works in Assembley — organisation administrators who manage voters and run assemblies, and the platform-level oversight role — so you can give colleagues the right level of access.
When more than one person helps run your assemblies, you need to control who can do what. Assembley uses roles to grant access at the right level — enough to be useful, not more than necessary. This article explains the model so you can set your team up sensibly.
Organisation administrators
The people who run your organisation in Assembley are administrators. An administrator can manage your voter register, create and configure assemblies, take them live, and access results and evidence. This is the role most of your team will have — the people who actually prepare and run meetings.
Because administrators can change the register and run meetings, grant the role deliberately: give it to the people responsible for governance and assembly administration, and review the list periodically. See Managing Your Account.
Platform-level oversight
Separately from your organisation's administrators, Assembley has a platform-level oversight role used for operating the service itself. This is distinct from your organisation's day-to-day administration and isn't something you assign to ordinary team members — it exists at the level of the platform, not your account.
Principle: least privilege
A good rule for any access model is least privilege — give each person the minimum access they need to do their job, and no more:
- Add colleagues who genuinely help run assemblies as administrators.
- Remove access promptly when someone changes role or leaves.
- Treat the ability to edit the register and run live meetings as significant, because those actions shape the official record.
Access and the integrity of the record
It's worth noting that access controls and the integrity of the record are two different protections. Even an administrator cannot quietly rewrite a concluded vote — the record is immutable and tamper-evident regardless of who is logged in. So roles govern who can operate the platform, while integrity mechanisms govern whether the record can be altered (it can't). See How Vote Integrity Is Protected.
Where to go next
See Managing Your Account for adding colleagues and Data Privacy and GDPR for how personal data is handled.
Related articles
- Data Privacy and GDPRHow Assembley approaches personal data and GDPR — EU data residency, what data an assembly processes, and why data protection is integral to running a defensible digital vote.
- Managing Your AccountHow to manage your Assembley organisation — updating organisation details, the participant label, inviting colleagues, and where billing and account settings live.
- Plans and PricingHow Assembley's plans are structured at a high level, what tends to differ between them, and where to find current pricing — including premium options like electronic ID verification.