Introduction
This guide outlines the roles and permissions in Rhythms, an AI-powered Business Operating System designed to transform team workflows through OKRs (Objectives and Key Results). Rhythms uses a role-based access control (RBAC) system with roles like Rhythms Platform Administrator, OKR Administrator, Team Owner, and Member, along with additional roles like Read-Only User and Delegate. These roles ensure that your organization can securely manage access, control OKR creation, and foster collaboration while aligning teams to strategic goals.
Rhythms’ RBAC system balances flexibility and simplicity, allowing you to customize permissions at the organization, team, or individual level, simplify administration with intuitive roles, and scale effortlessly as your organization grows. Whether you’re a Rhythms Platform Administrator setting up the system or a team member contributing to OKRs, this document will help you understand your role and the permissions available to you.
Roles in Rhythms
Rhythms includes several roles to support your OKR program, each with specific permissions to ensure secure and efficient management. The table below summarizes the standard roles, their descriptions, and their permissions:
Role | Description | Permissions |
Rhythms Platform Administrator | Manages the Rhythms workspace setup for the organization. Typically assigned to organization members with system administration access. | Manage user accounts and teams; set up integrations (e.g., SSO, SCIM); configure organization-wide OKR settings (e.g., time period, terminology); configure roles; control permissions for OKR creation at the organization level; access all OKRs in the organization. |
OKR Administrator | Oversees the OKR program, often an executive or OKR champion. | Add members to the organization; create and manage teams; create organization-level OKRs; create team-level OKRs within their organization; configure organization settings (e.g., who can create OKRs); access all OKRs in the organization, except those with restricted visibility. |
Team Owner | Manages a specific team, typically a team lead or OKR champion at the team level. | Add members to their team; create team-level OKRs; edit OKRs owned by their team; configure team settings (e.g., OKR creation permissions, check-in rhythms); access all OKRs within their team, except those with restricted visibility. |
Member | Default role for most users, typically employees participating in the OKR process. | Create individual OKRs; create team or organization-level OKRs, if permitted; edit and check in on OKRs they own or are assigned; view OKRs they have access to, based on permissions. |
Additional Roles
In addition to the standard roles, Rhythms offers the following roles to provide further flexibility:
Read-Only User:
A Read-Only User can view OKRs and related data but cannot create, edit, or check in on OKRs. This role is ideal for stakeholders who need visibility into the OKR process without contributing directly, such as auditors or external consultants. Rhythms Platform Administrators or OKR Administrator can assign this role to users.Delegate:
A Delegate is a user assigned by an OKR owner to act on their behalf for specific OKRs. Delegates can edit, check in, view, and align the OKR, making this role useful for assistants or team members supporting a busy OKR owner. To assign a delegate, the OKR owner can select Manage Permissions when editing an OKR and add the user to grant edit access.
Permissions in Rhythms
Permissions in Rhythms are tied to roles and can be customized to control who can perform specific actions. The table below summarizes the key permissions for each standard role:
Action | Rhythms Platform Administrator | OKR Administrator | Team Owner | Member |
Create Organization OKRs | Yes | Yes, can configure who else can create | No* | No* |
Create Team OKRs | Yes | Yes | Yes, can configure who else can create | No* |
Create Individual OKRs | Yes | Yes | Yes | Yes |
Edit OKRs | Yes (all OKRs) | Yes (all OKRs) | Yes (team OKRs) | Yes (OKRs they own or are assigned) |
View OKRs | Yes (all in organization) | Yes (all in organization, except those with restricted visibility) | Yes (all in team, except those with restricted visibility) | Yes (OKRs they have access to) |
Align OKRs | Yes | Yes | Yes | Yes (to OKRs they can view, unless restricted) |
Perform Check-Ins | Yes | Yes (for OKRs they can edit) | Yes (for OKRs they can edit) | Yes (for OKRs they can edit) |
Add Users to Organization | Yes | Yes | No | No |
Add Users to Team | Yes | Yes | Yes (to their team) | No |
Create Teams | Yes | Yes | No | No |
Deactivate Users | Yes | No | No | No |
Configure Integrations (e.g., SSO, SCIM) | Yes | No | No | No |
Note: * indicates that the action can be performed only if permitted by the organization or team settings configured by the OKR Administrator or Team Owner. For example, Team Owners and Members can create organization-level OKRs if the OKR Administrator sets the permission to "Only Team Owners," "Anyone in the Organization," or includes them as a "Specific User." Members can create team-level OKRs if the Team Owner sets the permission to "All Team Members" or includes them as a "Specific User."
Additional Role Permissions
The following roles have specific permissions that complement the standard roles:
Read-Only User:
View OKRs: Can view OKRs they have access to, based on visibility settings.
Other Actions: Cannot create, edit, align, or check in on OKRs, nor perform any user or team management tasks.
Delegate:
Edit, View, Align, and Check-In on OKRs: Can perform these actions for OKRs they are delegated to manage, acting as if they were the OKR owner.
Other Actions: Cannot create new OKRs or perform user or team management tasks unless granted additional roles (e.g., Team Owner).