Control exactly who can see, edit, create, or delete across every workspace and feature — with five built-in role levels, granular custom permissions, instant revocation, and a full audit trail for every change.
Varuna ships with five pre-configured roles: Admin, Manager, Member, Viewer, and External Guest. Each role has a well-defined permission set that covers 95% of organisational needs out of the box, with no configuration required.
Ready in minutesThe same person can hold different roles in different workspaces. Ravi might be an Admin in the Engineering workspace and a Viewer in the Finance workspace. Role assignments are fully independent across workspaces.
Per-workspace role assignmentOn Business and Enterprise plans, you can create custom roles with granular permission sets — controlling access to specific features, data types, and actions at the field level. All changes take effect immediately.
Custom roles on Business planVaruna maintains a complete audit trail of all permission changes — who changed what, when, and why. Role assignments, revocations, and custom permission modifications are all logged for compliance and security review.
Full audit trail of all changesAdmin: full control. Manager: workspace data and team reports. Member: own tasks and team workspace. Viewer: read-only across assigned content. External Guest: limited access to specific items only. Most organisations need nothing beyond these five.
→ Covers 95% of use casesOn Business and Enterprise plans, granular permissions can be set at the feature level: who can create tasks, who can view analytics, who can export data, who can manage integrations, and who can invite members.
→ Granular feature permissionsControl not just what users can do, but what data they can see. Scope visibility by workspace, project, tag, or assignee. External clients see only their project. Junior team members see only their team's workspace.
→ Read-scope controlWhen you change a role, the new permissions apply instantly across all active sessions. No need to log out and back in. Revoked access takes effect immediately — critical for offboarding security.
→ Instant permission propagationEvery permission change is logged: who made the change, which role was modified, what the previous and new settings were, and when. Exportable for compliance audits and security reviews.
→ SOC 2 compliant audit trailInvite clients, contractors, and partners as External Guests with tightly scoped access — one workspace, specific projects, read-only by default. Guest access expires automatically after a configurable period.
→ Auto-expiring guest access| Metric | Without Varuna | With Varuna |
|---|---|---|
| Access control | All-or-nothing admin vs everyone | 5 granular role levels |
| Client data separation | Manual folder management | Workspace isolation enforced by permissions |
| Permission changes | Requires app restart to apply | Instant propagation to all sessions |
| Offboarding security | Manual deactivation, often delayed | One-click revoke, takes effect instantly |
| Audit trail | Not available | Full log of every permission change |
| External guest control | Same access as employees | Scoped, expiring guest access |
| Custom roles | Not configurable | Build custom roles on Business plan |
Set up granular access control for every team member, client, and external collaborator — with five built-in roles ready to use and a full audit trail from day one.