People & Permissions

How Communa handles the people who interact with your agents — workspace teammates, external contacts, and the trust levels in between.

Tip: Your agent can answer questions about who has access. Ask it — "Who's in this workspace?", "What can a Member do?", "Show me what this agent knows about Sarah" — and it will walk you through it.

Overview

People interact with Communa in two different ways, and it helps to keep them separate in your mind:

  • Workspace roles — Who can do what in your Communa dashboard (Owner, Admin, Member). These are enforced rules.
  • Per-agent people — Who your agent talks to and how it treats them. The agent maintains memory about each person, and you can give it personalized instructions for each one.

Info: Workspace roles are strictly enforced by Communa. The way your agent treats different senders is shaped by instructions you can customize — think of it as steering the agent's judgment, not building a wall. We cover both below and where each one applies.

Workspace Roles

Every workspace has three roles. Each one has its own permissions:

RoleWhat They Can Do
OwnerEverything. Manages members, billing, and the workspace itself. Each workspace has exactly one Owner — the person who created it.
AdminManages projects, agents, skills, and invites Members. Cannot manage billing or delete the workspace.
MemberCreates and works with projects and agents. Cannot invite people or manage other members.

Roles are hierarchical — higher roles include everything the lower roles can do, plus more.

Owner-Only Actions

A few actions are reserved for the Owner alone:

  • Billing — Plans, payment methods, credit top-ups, subscription changes
  • Workspace deletion — Permanently removing the workspace
  • Promoting Admins — Only the Owner can grant the Admin role

If you're an Admin or Member, you'll see the Billing page redirect with a friendly message, and Owner-only buttons will be hidden in your view. Ask your Owner to handle these actions.

Info: For the full list of what each role can do across the platform, see Platform Overview.

Inviting Teammates

Owners and Admins can invite people to a workspace:

  1. Open Workspace Settings from the workspace switcher at the bottom of the sidebar
  2. Scroll to Members and click Invite
  3. Enter the person's email and pick a role
  4. Click Send Invite

Invites are sent by email and expire after 72 hours. You can resend or revoke pending invites from the Members table at any time.

A few rules to know:

  • Admins can only invite Members — promoting to Admin is Owner-only
  • You can't have two pending invites for the same email — revoke the old one first
  • Accepting an invite is automatic if the person is already logged in; otherwise it completes after they sign in

Two-Factor Authentication (2FA)

Workspace Owners can require 2FA for everyone in the workspace. When enabled:

  • All existing members get a grace period (shown in days) to set up 2FA
  • New invites must set up 2FA before getting full dashboard access
  • The setting lives in Workspace Settings → Security

Info: 2FA secures access to your Communa dashboard. It's a strong protection for the people in your workspace logging in to Communa itself. It doesn't change how your agent behaves when it talks to people on Telegram, WhatsApp, or other channels — those interactions are shaped by the trust tiers covered below.

Per-Agent People

Separate from workspace roles, each agent keeps track of the people it talks to. You'll find this under the People tab on any agent's detail page.

People are split into two groups:

GroupWho They Are
InternalYour workspace teammates — anyone with a workspace role (Owner, Admin, or Member)
ExternalAnyone messaging your agent through Telegram, WhatsApp, Voice, or Email who is not a workspace member

For each person, the agent maintains two pieces of information:

  • Memory — What the agent has learned about them through conversations. The agent updates this on its own as it interacts with them.
  • Instructions — Personalized notes from you, the Owner, about how the agent should treat this specific person. Only you can see and edit these.

Working with People

A few useful actions on the People tab:

  • Add manually — Add someone before they first message your agent (e.g., give the agent context about a new customer before introducing them)
  • Edit memory — Correct or refine what the agent remembers about a person
  • Add instructions — Tell the agent how to handle this person specifically ("Sarah prefers concise replies", "This is a VIP — be extra accommodating")
  • Merge — Combine two records that turn out to be the same person across different channels (same human messaging on both WhatsApp and Telegram)

Tip: Per-person instructions are powerful for exceptions. Use them when one person needs different treatment than your general tier-level instructions would provide.

Trust Tiers — How the Agent Treats Different Senders

When someone messages your agent, the agent knows which tier they belong to and adjusts its behavior accordingly. There are four tiers:

TierWho They Are
OwnerYou — the workspace creator with full authority
AdminYour trusted teammates with broad permissions
MemberYour regular workspace teammates
ExternalAnyone messaging via Telegram, WhatsApp, Voice, or Email who isn't part of your workspace

For each tier, the agent has a default style — cooperative and broad for Owners, helpful but careful for Members, careful and scoped for External senders. You can customize this in Agent Settings → Roles & Permissions.

Customizing the Tier Prompts

In Roles & Permissions, each tier shows two things:

  1. Can / Cannot — The hard rules Communa enforces for this tier. You can't change these; they're the system's job.
  2. The prompt — The text the agent reads about how to treat this sender. This is fully customizable.

For example, the default External prompt tells your agent to be careful with private information and stay within the scope you've defined. You can rewrite it to be friendlier, stricter, more specific to your use case, or anything in between.

Tip: Start with the defaults — they cover most situations well. Customize a tier when you have a specific behavior you want, like "For External senders, always offer to escalate to a human if they sound frustrated."

What Communa Enforces vs. What's Guided

This is important to understand clearly:

Communa strictly enforces:

  • Workspace role permissions (who can do what in the dashboard)
  • Owner-only actions (billing, workspace deletion, promoting Admins)
  • Outbound email whitelist (your agent can only send to email addresses you've approved)
  • Credential isolation (your agent never sees the raw values of passwords or API keys — only their names)

The trust-tier prompts guide your agent's behavior, but they're not a hard wall. They're instructions, and like any instructions given to an AI, the agent can occasionally interpret them loosely. They're a strong influence, not a perfect filter.

What This Means in Practice

A few habits that help you stay in good shape:

  • Don't store secrets in instructions or per-person notes. Use Credentials for anything sensitive — that's the system that's actually built to hide them.
  • Be intentional about what you ask external senders to share. If something is sensitive, don't rely on a prompt to stop the agent from acting on it.
  • Use the Mail whitelist for hard limits on outbound email. It's enforced strictly, unlike prompt text.
  • Review the Change Log periodically. It shows what your agent has done across all senders — a great way to spot anything unexpected early.

Best Practices

  • Keep the Owner tier loose — You're the most trusted sender; let your agent be fully helpful with you
  • Be more specific for External — The External tier is where it pays to be explicit about scope ("Help with order status and returns only; for anything else, ask them to contact support")
  • Use per-person instructions for exceptions — A single VIP customer or a difficult contact doesn't require rewriting your whole External tier
  • Don't lean on prompts for safety-critical decisions — Use Credentials, the email whitelist, and your own review for anything that really matters
  • Revisit periodically — As your agent's role evolves, the trust-tier prompts should evolve with it

What's Next?

  • Platform Overview — Workspace, project, and billing structure
  • Credentials — Where to store secrets so your agent can use them without seeing them
  • Mail — How the outbound email whitelist gives you hard control over who your agent emails
  • Change Log — Review what your agent has done and revert anything you didn't expect

Previous

Platform Overview

Next

Agent Overview