Documentation Index
Fetch the complete documentation index at: https://docs.matproof.com/llms.txt
Use this file to discover all available pages before exploring further.
Overview
Matproof uses four roles to control what team members can see and do. Roles are assigned per user when they are invited and can be changed later by an Admin or Owner.Role comparison
| Permission | Owner | Admin | User | Auditor |
|---|---|---|---|---|
| View controls, evidence, policies, risks | Yes | Yes | Yes | Yes |
| Edit controls, evidence, policies, risks | Yes | Yes | Yes | No |
| Manage vendors | Yes | Yes | Yes | No |
| View integrations | Yes | Yes | No | No |
| Manage integrations | Yes | Yes | No | No |
| Invite / remove users | Yes | Yes | No | No |
| View and edit settings | Yes | Yes | No | No |
| Manage billing | Yes | No | No | No |
| Delete organization | Yes | No | No | No |
Role descriptions
Owner
Full access to everything including billing and the ability to delete the organization. There is exactly one Owner per organization. Ownership can be transferred to another user in Settings → Team. Use this role for the founder or the accountable executive sponsor of the compliance program.Admin
Full access to all compliance features and team management. Admins can invite and remove users, manage integrations, and configure settings. They cannot touch billing or delete the organization. Use this role for the compliance manager or IT security lead who runs the day-to-day compliance program.User
Can view and edit all compliance content — controls, evidence, policies, risk register, and vendors. Cannot manage users, view integrations, or change settings.User is the right role for most team members — engineers, department leads, and anyone who contributes to the compliance program without needing administrative access.
Auditor
Read-only access to controls, evidence, and policies. Auditors have a dedicated view optimized for audit work and are redirected to the auditor dashboard on login. They cannot see settings, integrations, or the People module. Use this role for external auditors and certification bodies during an audit engagement.Inviting team members
- Go to Settings → Team
- Click Invite member
- Enter their email address
- Select a role
- Click Send invite
Changing a role
- Go to Settings → Team
- Find the team member
- Click the role dropdown next to their name
- Select the new role
Removing a user
- Go to Settings → Team
- Click the three-dot menu next to the user
- Select Remove from workspace
Inviting external auditors
External auditors need access to review your compliance posture. The Auditor role gives them what they need without exposing internal settings.Auditor portal
Auditors land on a dedicated dashboard showing controls, evidence status, policy documents, and risk register — organized for efficient audit review.
Read-only guarantee
Auditors cannot modify any records. They can download evidence files and export reports, but cannot create, edit, or delete anything.
- Invite your external auditor via Settings → Team with the Auditor role
- Share the link to your workspace
- The auditor accesses the auditor dashboard and reviews evidence at their own pace
- Remove the auditor’s access after the audit is complete
Feature flags
Some advanced features are controlled by feature flags at the organization level. These are not self-serve — contact Matproof support to enable them.| Feature flag | What it enables |
|---|---|
ai-vendor-questionnaire | AI-assisted vendor questionnaire filling and response analysis |
advancedModeEnabled | Advanced mode with additional configuration options for power users |