Skip to content
  • There are no suggestions because the search field is empty.

Members, Roles & Permissions

Members are Users who are affiliated with an Organization in MustardHub.

Every person who uses MustardHub has a personal User account that belongs to them as an individual. That personal account can be affiliated with one or more Organizations.

An Organization does not “own” a person’s account. Instead, it grants that person access to the Organization through a role.

This distinction matters because:

  • A person may belong to multiple Organizations
  • Access is scoped to each Organization independently
  • Leaving one Organization does not affect access to others

How roles and permissions work

MustardHub uses permission-based roles.

A role is simply a collection of permissions that determine:

  • What a Member can see
  • What actions they can take
  • What areas of the Workspace they can access

Permissions are granular, but roles are designed to bundle them in sensible ways so Admins do not need to think in terms of individual toggles.

MustardHub includes five default roles out of the box. These cover the needs of most Organizations. Custom roles can also be created if needed, but most teams rely entirely on the defaults.

Members are assigned a role when they are invited. Roles can be changed later by someone with the appropriate permissions.

Default roles vs custom roles

Default roles are designed to:

  • Be safe to use
  • Reflect common responsibilities
  • Reduce the risk of over-permissioning

In most cases, choosing the closest default role is sufficient.

Custom roles exist for Organizations that:

  • Need to separate responsibilities more precisely
  • Want to delegate limited admin capabilities
  • Operate in more complex environments

Creating a custom role does not change how permissions work. It simply changes how they are grouped.

What permissions actually control

Permissions determine capability, not authority over people.

They control things like:

  • Whether a Member can manage Hubs
  • Whether they can configure Celebrations or Values
  • Whether they can access Culture Studio
  • Whether they can manage billing, funding, or reports

They do not:

  • Override Hub-level visibility rules
  • Automatically grant access to sensitive data outside their scope
  • Change how recognition or participation works for other Members

For example, Culture Studio access depends on a specific set of related permissions. When Culture Studio is enabled for a role, the related permissions it depends on are automatically included.

You do not need to manage those dependencies manually.

What invited Users see when they join

When a User is invited, they are prompted to create or connect their personal account as part of joining the Organization.

Once they complete that process:

  • They enter the Organization’s Workspace
  • They see content and navigation based on their role
  • Their access reflects the permissions assigned to that role

There is no separate “lite” or “pending” experience after joining. Members see the Workspace as it is configured for them.

For details on the invitation and first-login experience, see C.7: Logging into MustardHub and C.8: Setting up a User Account.

How Members are invited

Members can be invited from multiple places across MustardHub, depending on context:

  • During or after onboarding
  • From Culture Studio if no Members have been added yet
  • From the Members section in the Admin panel
  • Directly from individual Hubs

All of these entry points lead to the same invite experience.

[Screenshot: Invite Members modal]

Members can be invited one at a time or in bulk. To add Members:

  1. Enter the email address of the intended recipient(s)
  2. Select the role for the recipient(s)
  3. Assign them to any relevant Hubs
  4. Optionally apply Member Tags
  5. Click Send Invite

Managing Members after they are invited

Ongoing Member management happens in Admin → Members.

From there, Admins can:

  • View all Members in the Organization
  • See invitation status (Invited, Joined, Deactivated)
  • Search, sort, and filter the Member list
  • Update roles or deactivate access (with appropriate permissions)

[Screenshot: Members list view with sort dropdown]

Using Member Tags for segmentation

Member Tags are simple, flexible labels used to group Members.

Tags can be used to:

  • Organize Members into logical groups
  • Filter the Member list
  • Support internal workflows or visibility

Tags do not affect permissions or access.

To view and manage Tags, go to Admin → Members → Member Tags.

[Screenshot: Member Tags view]

Tags can be:

  • Created
  • Edited
  • Duplicated
  • Archived

They can be changed at any time without impacting roles or access.

Common misconceptions

  • “If I give someone Admin access, they can see everything.”

    Not necessarily. Access is permission-based and scoped. Roles enable capabilities, not blanket visibility. 

  • “Roles are permanent decisions.”

    They are not. Roles can be changed at any time.

  • “I need to get roles perfect before inviting people.”

    You do not. Defaults are designed to be safe starting points.

  • “More permissions means more risk.”

    In practice, permissions in MustardHub are designed to support operation, not oversight. Over-restricting access often creates more friction than safety.

Recommended articles

  • C.3:  Hubs & Hub Settings (Overview)

    Learn about Hub visibility and management behavior.

  • B.7: Funding Your Workspace

    Get more details on funding and financial permissions.

  • C.8: Setting up a User Account

    Get new Users up and running and see what happens after someone is invited.