TEAM & ROLES
Your whole team, with exactly the right access
Six roles over a 20-permission model, enforced in the database itself. Invite your accountant, your office manager, and your staff — each one sees precisely what their role allows, and nothing more.
Watch the Team page in action: an email invite goes out, the new member joins without a signup code, gets the accountant role, and every change lands in the audit log.
ROLES
Six roles that match how a business actually runs
Most tools give you admin or not-admin. Cove ships six roles — owner, admin, member, accountant, viewer, and custom — so access maps to real jobs instead of forcing everyone into full control. Roles are assigned per member and can be changed at any time.
Owner and admin
Full control of the workspace: members, settings, and every module. The owner role stays with the person who runs the business.
Accountant
A finance-scoped role for your external or in-house accountant. They work in invoices, expenses, and taxes without touching the rest.
Viewer
Read-only access for anyone who needs to see the numbers but never change them — an investor, a co-founder, a controller.
Custom
Start from the 20-permission model and grant exactly what one person needs. Entire sections can be hidden from their navigation.
SECURITY
Access control enforced in the database, not the interface
Hiding a button is not security. In Cove, the six roles and their 20 permissions are enforced by row-level security on every table: reads are scoped to the workspace and writes are permission-checked in SQL. Even a bug in the interface cannot leak another member's restricted data.
Row-level security on every table
Each query runs as the signed-in member. The database itself refuses reads outside the workspace and writes outside the member's permissions.
An audit log on 35+ tables
A database trigger records every change — who, what, when — into the audit log, shown as a tab on the Team page on Business plans and up.
Same rules for API and AI
API keys and MCP tools see only what their scopes and the member's role jointly allow. There is no side door around the permission model.
Everything on the Team page
The controls you reach for weekly, all in one place.
Email invites
Hashed invite tokens, role picked up front, and no signup verification code for the invitee.
Workspace switching
One account can belong to several organizations — switch between workspaces without logging out.
Per-member custom grants
Grant or revoke any of the 20 permissions for a single member, independent of their base role.
Hidden sections
Remove entire modules from a member's navigation so their workspace shows only what concerns them.
Audit log
A chronological record of changes across 35+ tables, filterable from the Team page on Business and up.
Two-factor sign-in
TOTP and email-code MFA with trusted devices, on top of email-password or Google sign-in.