Roles and permissions
Plenar has two levels of access control: organization roles and project-level API token roles.
Organization roles
Organization roles control access to organization-wide settings and member management.
| Role | What they can do |
|---|---|
| Owner | Full access. Manage billing, delete the organization, transfer ownership. |
| Admin | Manage members, configure integrations, create projects, manage organization settings. Cannot delete the organization or transfer ownership. |
| Member | View organization members. Must be assigned to projects individually. Cannot modify organization settings. |
Key rules
- Every organization has at least one Owner.
- Admins can invite new members and assign roles up to Admin.
- Members can see the organization roster but cannot modify it.
- Project access is separate from organization role — being an Admin does not automatically grant access to all projects.
Project access
Project access is controlled by project team assignment. A user must be explicitly added to a project’s team before they can view or interact with it.
Within a project, all team members have equal access to:
- View the schedule, timeline, and scope table
- Edit tasks, estimates, assignments, and dependencies
- Add and remove time off
- View and use the New Plan preview
Project settings (scheduling constraints, integrations) are managed by organization Admins and Owners.
API token roles
API tokens provide programmatic access to a specific project. They are used by the MCP integration and the CLI.
| Role | Preview changes | Apply changes | Read data | Manage settings |
|---|---|---|---|---|
| Planner | Yes | Yes | Yes | Yes |
| Contributor | Yes | No | Yes | No |
Planner tokens
Full access. Claude Code (or any API client) can preview changes, apply them, and manage project settings. Use this when you want the agent to operate autonomously.
Contributor tokens
Read and preview access only. Claude Code can preview changes and show you the impact, but applying must be done from the dashboard or by a Planner-role token. Use this when you want to review and approve every change manually.
Token management
- Tokens are scoped to a single project
- Generate tokens in Settings > API Tokens (navigate to your project in the dashboard)
- Token values are shown only once at creation — store them securely
- Revoke tokens at any time from the same settings page
- Each token has a name for identification (e.g., “Claude Code”, “CI Pipeline”)
MCP permissions
When using Plenar through Claude Code (MCP), permissions follow the API token role:
- Read-only tools (plenar_get_my_tasks, plenar_get_schedule_status, etc.) work with both Planner and Contributor tokens
- Write tools (plenar_start_task, plenar_update_estimate, etc.) work with both roles — they produce previews
- Apply (plenar_apply_changes) requires a Planner token
Contributors can use the full workflow up to the point of applying. Their previews are cached and can be applied from the dashboard.
Best practices
- Use Contributor tokens for shared environments where multiple people might run Claude Code against the same project. This prevents accidental applies.
- Use Planner tokens for personal development workflows where you want Claude to manage the plan end-to-end.
- Create separate tokens for different uses — one for Claude Code, one for CI/CD. This way you can revoke one without affecting the other.
- Rotate tokens periodically — especially if team members leave or tokens are stored in shared configuration files.