CallMeter Docs

Roles and Permissions

Complete permission matrix for CallMeter's five roles, project-level overrides, and security best practices.

CallMeter uses a hierarchical role-based access control (RBAC) system with five distinct roles. Each role inherits all permissions from the roles below it, creating a clear escalation path from read-only access to full organizational control. This guide provides the complete permission matrix and guidance on role assignment.

The Five Roles

| Role | Level | Primary Purpose |
|---|---|---|
| Viewer | 1 | Read-only access to dashboards, test results, and metrics |
| Tester | 2 | Execute pre-configured tests and probes |
| Editor | 3 | Create, modify, and delete resources (tests, probes, registrars, files) |
| Admin | 4 | Manage organization members and settings |
| Owner | 5 | Full control including billing, subscription, and organization deletion |

Detailed Role Descriptions

Viewer

Viewers have read-only access. They can observe but not modify anything. This role is appropriate for:

  • Stakeholders who need to review test results and quality metrics
  • Managers tracking SIP infrastructure health via dashboards
  • External auditors reviewing compliance data
  • NOC operators monitoring status pages and probe health

Viewers can:

  • View all dashboards and analytics
  • View test configurations and results
  • View probe health and history
  • View media file library
  • View organization member list
  • Export reports and data

Viewers cannot:

  • Run tests or execute probes
  • Create, edit, or delete any resources
  • Manage members or settings
  • Access billing information

Tester

Testers can execute existing tests and probes but cannot create or modify them. This role is designed for:

  • QA engineers running pre-configured test suites
  • Operations staff executing routine validation tests
  • Junior team members learning the platform

In addition to all Viewer permissions, Testers can:

  • Run existing tests
  • Manually trigger probe executions
  • View running test progress in real time

Testers cannot:

  • Create new tests, probes, or registrars
  • Modify existing configurations
  • Upload or delete media files
  • Manage members or settings

Editor

Editors are the primary "builders" of the platform. They create and manage all testing resources. This role is appropriate for:

  • VoIP engineers designing test configurations
  • Network engineers setting up SIP registrars and probes
  • Senior QA engineers who build and maintain test suites

In addition to all Tester permissions, Editors can:

  • Create, edit, and delete tests
  • Create, edit, and delete probes
  • Create, edit, and delete registrars and SIP accounts
  • Upload, manage, and delete media files
  • Create and manage status pages
  • Configure webhooks
  • Create and manage API keys (scoped to their own permissions)
  • Manage project-level settings

Editors cannot:

  • Invite or remove organization members
  • Change member roles
  • Access organization-level settings
  • Access billing or subscription management

Admin

Admins manage the people and settings of the organization. They are team leads or IT administrators responsible for access control. This role is for:

  • Team leads managing their engineering groups
  • IT administrators controlling platform access
  • Security officers overseeing role assignments

In addition to all Editor permissions, Admins can:

  • Invite new members to the organization
  • Remove existing members
  • Change member roles (up to Admin level)
  • Set project-level role overrides
  • Manage organization settings (name, slug, preferences)
  • View audit logs

Admins cannot:

  • Access billing and subscription management
  • Delete the organization
  • Promote members to Owner
  • Transfer organization ownership

Owner

The Owner has unrestricted access to every aspect of the organization. There is exactly one Owner per organization -- the person who created it. This role is for:

  • The organization creator
  • The person responsible for billing and contractual obligations

In addition to all Admin permissions, the Owner can:

  • Manage subscription (upgrade, downgrade, cancel, pause)
  • Manage payment methods and invoices
  • Purchase credits
  • Manage addons (probe packs, worker licenses)
  • Delete the organization and all its data
  • Access all billing history and financial data

Owner role cannot be transferred through the UI

The Owner role is assigned at organization creation and cannot be changed through the standard member management interface. Contact support if you need to transfer ownership.

Complete Permission Matrix

Resource Access

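| Action | Viewer | Tester | Editor | Admin | Owner |
|---|---|---|---|---|---|
| View dashboards and analytics | Yes | Yes | Yes | Yes | Yes |
| View test configurations | Yes | Yes | Yes | Yes | Yes |
| View test results and metrics | Yes | Yes | Yes | Yes | Yes |
| View probe health and history | Yes | Yes | Yes | Yes | Yes |
| View media file library | Yes | Yes | Yes | Yes | Yes |
| View status pages | Yes | Yes | Yes | Yes | Yes |
| Export data and reports | Yes | Yes | Yes | Yes | Yes |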

Test Operations

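| Action | Viewer | Tester | Editor | Admin | Owner |
|---|---|---|---|---|---|
| Run an existing test | -- | Yes | Yes | Yes | Yes |
| Manually trigger a probe | -- | Yes | Yes | Yes | Yes |
| Create a test | -- | -- | Yes | Yes | Yes |
| Edit a test | -- | -- | Yes | Yes | Yes |
| Delete a test | -- | -- | Yes | Yes | Yes |
| View running test progress | -- | Yes | Yes | Yes | Yes |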

Resource Management

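| Action | Viewer | Tester | Editor | Admin | Owner |
|---|---|---|---|---|---|
| Create registrars / SIP accounts | -- | -- | Yes | Yes | Yes |
| Edit registrars / SIP accounts | -- | -- | Yes | Yes | Yes |
| Delete registrars / SIP accounts | -- | -- | Yes | Yes | Yes |
| Create probes | -- | -- | Yes | Yes | Yes |
| Edit probes | -- | -- | Yes | Yes | Yes |
| Delete probes | -- | -- | Yes | Yes | Yes |
| Upload media files | -- | -- | Yes | Yes | Yes |
| Delete media files | -- | -- | Yes | Yes | Yes |
| Create status pages | -- | -- | Yes | Yes | Yes |
| Edit status pages | -- | -- | Yes | Yes | Yes |
| Delete status pages | -- | -- | Yes | Yes | Yes |
| Configure webhooks | -- | -- | Yes | Yes | Yes |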

Organization Management

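| Action | Viewer | Tester | Editor | Admin | Owner |
|---|---|---|---|---|---|
| View member list | Yes | Yes | Yes | Yes | Yes |
| Invite members | -- | -- | -- | Yes | Yes |
| Remove members | -- | -- | -- | Yes | Yes |
| Change member roles | -- | -- | -- | Yes | Yes |
| Set project-level role overrides | -- | -- | -- | Yes | Yes |
| Manage organization settings | -- | -- | -- | Yes | Yes |
| View audit logs | -- | -- | -- | Yes | Yes |
| Create projects | -- | -- | -- | Yes | Yes |
| Delete projects | -- | -- | -- | Yes | Yes |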

Billing and Subscription

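| Action | Viewer | Tester | Editor | Admin | Owner |
|---|---|---|---|---|---|
| View billing dashboard | -- | -- | -- | -- | Yes |
| Change subscription plan | -- | -- | -- | -- | Yes |
| Manage payment methods | -- | -- | -- | -- | Yes |
| View invoices | -- | -- | -- | -- | Yes |
| Purchase credits | -- | -- | -- | -- | Yes |
| Manage addons | -- | -- | -- | -- | Yes |
| Cancel subscription | -- | -- | -- | -- | Yes |
| Delete organization | -- | -- | -- | -- | Yes |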

API Access

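| Action | Viewer | Tester | Editor | Admin | Owner |
|---|---|---|---|---|---|
| Create API keys | -- | -- | Yes | Yes | Yes |
| Revoke own API keys | -- | -- | Yes | Yes | Yes |
| Revoke any API key | -- | -- | -- | Yes | Yes |
| Use API (read endpoints) | Yes | Yes | Yes | Yes | Yes |
| Use API (write endpoints) | -- | -- | Yes | Yes | Yes |
| Use API (run tests) | -- | Yes | Yes | Yes | Yes |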

API keys inherit their creator's role

An API key can only perform actions that its creator's role allows. An API key created by a Tester can trigger test runs but cannot create new tests. See API Authentication for details.

Project-Level Role Overrides

While organization-level roles define the default permissions, you can override a member's role for individual projects. This provides fine-grained access control.

How Overrides Work

  • A member's organization role applies to all projects by default
  • A project-level override replaces the organization role for that specific project
  • Overrides can grant higher or lower permissions than the organization role
  • If no override exists for a project, the organization role is used

Example Scenarios

Contractor with limited access:

  • Organization role: Viewer
  • Project override: Editor on "SIP Trunk Testing" project
  • Result: The contractor can create and edit resources in the testing project but has read-only access elsewhere

Senior engineer with elevated project rights:

  • Organization role: Editor
  • Project override: Admin on "Production Monitoring" project
  • Result: The engineer manages members for the monitoring project but operates as a standard Editor everywhere else

Executive observer:

  • Organization role: Viewer
  • No project overrides
  • Result: Read-only access across all projects, suitable for executive dashboards
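The override rules and the three scenarios above, worked through as an added example (not CallMeter code). The action names in MIN_LEVEL are hypothetical labels for rows of the permission matrix on this page, and the member records are constructed.

```python
# Added example: models the override rules described above; not CallMeter code.
# Role levels come from "The Five Roles"; MIN_LEVEL is a subset of the
# permission matrix on this page, keyed by hypothetical action names.
ROLE_LEVEL = {"Viewer": 1, "Tester": 2, "Editor": 3, "Admin": 4, "Owner": 5}

MIN_LEVEL = {
    "view_results": 1,    # View test results and metrics
    "run_test": 2,        # Run an existing test
    "create_test": 3,     # Create a test
    "manage_members": 4,  # Invite / remove members
}


def effective_role(org_role, overrides, project):
    """A project override replaces the organization role for that project;
    with no override, the organization role is used."""
    role = overrides.get(project, org_role)
    if role not in ROLE_LEVEL:
        raise ValueError(f"unknown role: {role!r}")
    return role


def can(org_role, overrides, project, action):
    """True if the member's effective role in `project` permits `action`."""
    role = effective_role(org_role, overrides, project)
    return ROLE_LEVEL[role] >= MIN_LEVEL[action]


def elevating_overrides(members):
    """Overrides that lift a member above their organization role: the
    entries an access review should be able to justify."""
    findings = []
    for name, (org_role, overrides) in members.items():
        for project, role in overrides.items():
            if ROLE_LEVEL[role] > ROLE_LEVEL[org_role]:
                findings.append((name, project, org_role, role))
    return sorted(findings)


# Constructed members mirroring the three scenarios on this page.
MEMBERS = {
    "contractor": ("Viewer", {"SIP Trunk Testing": "Editor"}),
    "senior_engineer": ("Editor", {"Production Monitoring": "Admin"}),
    "executive": ("Viewer", {}),
}
```

Because an override can also lower a role, `can("Editor", {"Legacy": "Viewer"}, "Legacy", "create_test")` is false even though the member is an Editor everywhere else.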

Setting a Project Override

  1. Navigate to Settings > Members
  2. Click on the member's name to open their detail view
  3. In the Project Access section, find the target project
  4. Select the override role from the dropdown
  5. Save changes

To remove an override, reset the project role to "Inherit from organization."

Security Considerations

Principle of Least Privilege

Always assign the minimum role necessary for a member to perform their job. This reduces the blast radius of compromised credentials and limits accidental modifications.

Regular Access Reviews

Conduct periodic reviews of your member list:

  • Remove members who have left the team
  • Downgrade roles for members whose responsibilities have changed
  • Revoke API keys associated with removed members
  • Audit project-level overrides for accuracy

Sensitive Operations

The following operations are restricted to the Owner role because they have significant financial or organizational impact:

  • Changing or cancelling the subscription
  • Managing payment methods
  • Deleting the organization
  • Purchasing credits or addons

Ensure the Owner role is assigned to a responsible individual who manages the organization's financial relationship with CallMeter.

API Key Security

API keys inherit permissions from their creator. When an Editor creates an API key:

  • The key can create, edit, and delete tests and probes
  • The key cannot manage members or access billing
  • If the Editor's role is downgraded, their existing API keys retain the old permissions until revoked

Revoke API keys when changing roles

When downgrading a member's role, remember to review and revoke any API keys they created. API key permissions are set at creation time and do not automatically adjust when the creator's role changes.
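A review check for the drift described above, as an added example (not CallMeter code): it flags active keys whose creation-time role now exceeds the creator's current role. The record fields and sample data are constructed assumptions, not a CallMeter export format.

```python
# Added example, not CallMeter code. The record fields (id, creator,
# role_at_creation, revoked) are hypothetical; adapt them to however you
# inventory keys. Role levels come from "The Five Roles" table.
ROLE_LEVEL = {"Viewer": 1, "Tester": 2, "Editor": 3, "Admin": 4, "Owner": 5}


def stale_api_keys(current_roles, api_keys):
    """Return (key_id, creator, reason) for active keys that should be revoked.

    current_roles: member name -> current organization role
    api_keys: iterable of dicts, one per key
    """
    findings = []
    for key in api_keys:
        if key["revoked"]:
            continue  # already dealt with
        creator = key["creator"]
        now = current_roles.get(creator)
        created_as = key["role_at_creation"]
        if now is None:
            # Listed under "Regular Access Reviews": keys of removed members.
            findings.append((key["id"], creator, "creator is no longer a member"))
        elif ROLE_LEVEL[created_as] > ROLE_LEVEL[now]:
            # Key permissions were fixed at creation and outlived the downgrade.
            reason = f"key holds {created_as} rights, creator is now {now}"
            findings.append((key["id"], creator, reason))
    return findings


# Constructed data: alice was downgraded from Editor to Tester, carol left.
CURRENT_ROLES = {"alice": "Tester", "bob": "Editor"}
API_KEYS = [
    {"id": "key-1", "creator": "alice", "role_at_creation": "Editor", "revoked": False},
    {"id": "key-2", "creator": "bob", "role_at_creation": "Editor", "revoked": False},
    {"id": "key-3", "creator": "carol", "role_at_creation": "Tester", "revoked": False},
    {"id": "key-4", "creator": "alice", "role_at_creation": "Editor", "revoked": True},
]

if __name__ == "__main__":
    for key_id, creator, reason in stale_api_keys(CURRENT_ROLES, API_KEYS):
        print(f"REVOKE {key_id} ({creator}): {reason}")
```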

Frequently Asked Questions

Can I have multiple Owners?

No. Each organization has exactly one Owner. If you need multiple people with billing access, the Owner can share billing information through other means, but the platform role is restricted to one person.

Can an Admin promote someone to Owner?

No. Admins can assign roles up to Admin level. The Owner role can only be managed by contacting support.

What happens to a member's resources when they are removed?

Resources created by a removed member (tests, probes, registrars) remain in the organization. They are not deleted when the member is removed. API keys created by the member are revoked.

Can a Viewer see other members' information?

Viewers can see the member list (names and roles) but cannot modify membership or view sensitive information like email addresses of all members.
