Roles and permissions – Runway Help Center

At the heart of every successful finance team is collaboration, and that's where Runway shines. But we also acknowledge the sensitivity of the data you entrust to us. That's why Runway offers four different roles, each with different access levels to resources. We’ve designed permissions to cover a wide spectrum of use cases - from granting access to internal team leaders to accommodating external stakeholders like board members and investors.

Glossary

Before we dive into the specifics of different roles and the process of provisioning new users in Runway, let's familiarize ourselves with some terminology used throughout this article:

Resource — This term can refer to a Model, Database, or Page.

Role — Runway offers four roles:

Admin — Think of this as a superuser who can access all data and perform all actions in Runway. This role is typically limited to members of the finance team who are the primary owners of your model.

Manager — This role is for users who need full access to your data, with the exception of anonymized sensitive numbers. They also don’t have ability to make organization-level actions, such as merging scenarios into your main scenario.

Member — Recommended for the majority of users in your organization. Members do not have access to any resources by default. They must be explicitly given access to a resource which you can choose to share with full, edit or view access.

Guest — Recommended for users outside your organization. It only allows view access to the limited set of resources you choose to share, such as board members and investors.

Access level — When a user has access to a specific resource, you can define their access level to that resource. The options are:

No access — The user can't access the resource, and it won't appear in their left navigation menu.

Can view — The user has readonly access to the resource and can't perform any actions.

Can edit — The user can edit the data in the resource, but can't modify other users' access levels to it.

Full access — In addition to editing the resource’s data, a user can change other users’ access, duplicate, and delete the resource.

Roles

Runway offers four distinct roles. The comparison table below details the default capabilities for each role.

In addition to assigning roles, you can also set different access levels for guests, members, and managers on a resource-by-resource basis. After reviewing the table, we suggest reading the "Resources Access Level in Runway" section.

	Admin	Manager	Member	Guest
See and edit pages, models, and databases	Have full access to all resources.	By default, they have full access to all resources. Their access to specific resources can be adjusted to 'can edit', 'can view', or 'no access' as needed. More details about the different access levels.	Don’t have access to any resources by default. They must be explicitly given access to a resource to view it. Their access level can vary from one resource to another (’full access’, ‘can edit’, ‘can view’). More details about the different access levels.	Don’t have access to any resources by default. They must be explicitly granted access to a resource to view it. Guests can’t perform any edits.
Accessing and tracing the details view of a specific driver or database object	Can open the details view of any driver or database object and freely drill into any of its dependents.	Can open the details view and see the dependents (inputs, used by, plans). However, they can only navigate to the details view of a dependent that resides in a resource they have permission to access. Can see indirect inputs.	Can open the details view and see the dependents (inputs, used by, plans). However, they can only navigate to the details view of a dependent that resides in a resource they have permission to access. Can’t see indirect inputs.	Can’t open the details view.
See and edit existing scenarios	Can access and edit all published and non-published scenarios.	Can only access published scenarios. If you grant edit or full access to a resource, the Manager can edit the Page in all published scenarios	Can only access published scenarios. If you grant edit or full access to a resource, the Member can edit the Page in all published scenarios	Must be granted explicit access to scenarios for each resource shared with them. Guests can’t perform any edits.
Access the integrations section, delete, and set up new ones	Full access to integrations.	Can authenticate new integrations, but can’t see the output or queries.	Can authenticate new integrations, but can’t see the output or queries.	🚫
Create a scenario	✅	✅ - By performing edits to resource they have access to.	✅ - By performing edits to resource they have access to.	🚫
Move Last Close date	✅	✅	🚫	🚫
Create a new resource: pages, models, and databases	✅	✅	🚫	🚫
Modify resources hierarchy like moving a page to a different section in the left navigation	✅	🚫	🚫	🚫
Review & merge scenarios into Main	✅	🚫	🚫	🚫
Publish a scenario	✅	🚫	🚫	🚫
See, edit, or reveal anonymized data	✅	🚫	🚫	🚫
Edit the org-wide settings (general, billing, users, APIs, dimensions)	✅	🚫	🚫	🚫

⚠️

Make sure to toggle on specific scenarios before sharing them with team members. See this article for details.

Resource access level

A user's access level can vary on a resource-by-resource basis. For instance, a single member might have view access to one database, edit access to some models, and full access to a particular page. The comparison below illustrates what a user can do with a specific resource, depending on their access level for that resource.

Many of the edits in the table below are scoped to a scenario that requires an admin's review and merge before they appear in your main scenario. You can find more information about Scenarios here.

	Full access	Can edit	Can view
Editing formulas	✅	✅ - In the formula editor, they can only reference other drivers or database objects that are in a resource they have access to.	🚫
Adding, referencing, or deleting drivers to a block	✅	✅ - When referencing an existing driver, they can only reference other drivers within resources they have access to.	🚫
Adding or deleting a block on a page	✅	✅ - When adding new drivers or database blocks they can only reference drivers or database rows that are in a resource they have access to.	🚫
Editing actual values	✅	✅	🚫
Editing forecast values	✅	✅	🚫
Editing values in the detail pane	✅	✅ - in the detail pane, can edit values that are in a resource they have access to.	🚫
Change KPIs and formatting, such as colors, indenting and descriptions	✅	✅	🚫
Customize a block: show/hide properties, change the rollup, date range, or comparison config.	✅	✅	🚫
Can delete the resource	✅	✅	🚫
Adding or deleting database objects to a block	✅	✅	🚫
Add, remove, or change the access level of a user to resource	✅	🚫	🚫

Provisioning users to your org

In Runway, there are two methods to add users to your organization: from the Settings menu or via the Share menu in a specific resource. We recommend using the Settings if you're adding admins, managers, or members. However, if you're adding guests, it's best to do so directly from the Share menu of the resources you want them to access.

Adding new users from Settings

The first method to add users to your Runway organization is through the Settings menu. Click on your avatar in the top-right corner, followed by clicking on Settings and then Users. In the provided text box, you can enter one or more email addresses, either space-separated or comma-separated. You also have the option to define their role. After entering the necessary details, click "Invite".

🚨

Reminder — Guests and Members don't have default access to any resources. You must explicitly add them to a specific resource via the share menu, as detailed in the next section. However, admins and managers automatically have access to all resources.

ℹ️

FYI — We don’t trigger an email invite when you add users to Runway. We believe that as the model owner, you should be in control of the timing and framing for how you bring your team and collaborators into Runway. You can share your org URL or the URL of a specific resource with folks directly and they’ll be routed to the pages they have access to on login.

You can distinguish between users who have accessed Runway at least once since being added to your organization and those who have never visited Runway by looking at their avatar.

Adding new users via the Share menu in a specific resource

You can also add new users to Runway within a specific resource via the Share menu. Click the Share button in the top right corner of a specific resource. The first tab, labeled "Share," will display a list of Guests, Members, and Managers who have access to that resource.

A text box is also available for adding users to this resource. Start typing their email. If the user is already part of your organization, their name will appear in the dropdown menu. If it's a new user, you'll be prompted to invite them. You can also paste a list of emails separated by spaces or commas.

Note that new users who are added for the first time through the share menu are assigned a Guest role. You can change their role in the Settings if necessary.

From this list, you can adjust a specific user's access level to the resource:

For Guests — Choose between 'Can view' or 'No access'.

For Members & Managers — Options include 'Can view', 'Can edit', 'Full access', or 'No access'.

For Admins — They automatically have 'Full access' to all resources.

Navigate to the "Guest Settings" tab to define the scenarios that guests can view on this resource. By default, only the Main scenario is selected. Keep in mind, shared scenarios are determined on a per-resource basis and impacts all guests.

For easy mass guest addition, enable the "Guest invite link". Anyone with this link can access the resource. If a user has never been added to Runway before and they log in through that link, they will appear as a guest in your user list.

Admins impersonating other users

This feature is exclusively available to users with an Admin role. If an admin needs to view Runway from another user's perspective, they can impersonate that user. This is particularly helpful for testing permissions and access issues reported by team members. To do this, navigate to Settings > Users, then click on the impersonate icon next to the desired user. Note that Admins can’t impersonate other Admins.

FAQ

I added some users in Settings, but they don't show up when I type their email in the share menu of a specific resource. Why is that?

After adding new users, a hard refresh is required for the changes to be reflected throughout the product. We recognize that this can be confusing, and we're working on a solution.

I added some users, but they didn't receive an email notification from Runway. Is this expected?

Yes, it's expected. Currently, we don't send an email invite when you add users to Runway. We believe that as the model owner, you should control the timing and context of introducing your team and collaborators to Runway. You can directly share your organization's URL or the URL of a specific resource with them. Upon login, they'll have access to the pages they're permitted to view.

How do I modify the permissions of an existing user? Do I do this in settings or in the share menu of a certain resource?

To completely remove a user, go to the settings page. The settings page is also where you can change a user's role (e.g., guest, member, manager, admin). However, if you want to modify a user's access level (can view, can edit, full access) for a specific resource, make this change in the share menu of that resource.