Quip Admin Roles

The Quip admin console has a number of powerful controls, and you may wish to limit which admin can access certain settings. You can use Admin Roles to create custom admin profiles and assign them to specific users. For example, if your organization has a team that responds to user issues, you could create a Help Desk Admin role with the ability to manage users and groups, and therefore respond to tickets, but without access to sensitive security and configuration settings.

Note: if your site had admins before Admin Roles launched in March 2020, all admins defaulted to the Super Admin role, which aligns with the permissions that they had before.

Creating Roles

You create and manage roles by clicking Settings, then Site Settings, in the left sidebar, and scrolling down to Admin Roles.

Default Roles
There are two admin roles available at your site by default, which cannot be edited or deleted. The Super Admin role can view and edit everything within your site, with the exception of unredacted access to content. The Site Admin role can view and edit everything except billing, unredacted access to content, and management of admin roles.

Custom Roles
To create a custom profile, click the “Create New Role” button and choose a unique name for the role, then select the appropriate level for each permission set in the matrix below.

There are three permissions levels:

• Edit permissions give the admin full access to see and modify the setting or information.
• View permissions let the admin see the setting, and know its current state, but not change the setting or information.
• Hidden permissions hide the setting from the admin; they won’t see the setting or information at all.

Assigning Roles

You can manage admin role assignments to users in the Site Members section of the admin console. The Role column shows their current admin role (if any), and you can change their role or remove them as an admin by selecting “Modify Admin Role” in the dropdown menu on the right.

Editing and Deleting Roles

Once a custom role has been created, it appears in the table of admin roles in your Site Settings page. You can use the “Edit Role” and “Delete Role” options in the dropdown on the right of each row to modify a role.

You can edit a role by changing its name or the permissions assigned to the role. Any changes will take effect immediately for all admins assign to that role.

When deleting a role, you can choose what the effect should be for admins currently assigned to the role you’re deleting. You can either immediately remove them as admins entirely, or choose a different role for those admins to be re-assigned to.

Permissions

Unredacted Audit Access to All Members & Content

One permission that you can assign in Admin Roles is Unredacted Audit Access to All Members & Content. Admins with this permission have wide-ranging capabilities to view and edit content and users at your site. For example, these admins can:

• View and export any document (including its full history and conversation log) at your site.
• Add themselves to any document at your site with full access to edit it, share it, or delete it.
• View additional information about all members of your site, including a list of all the content they have access to, all the link-shared content they’ve created, and all their contacts.
• Export your entire site’s content and member profile information.

Unredacted Audit Access is designed for eDiscovery and security auditing use cases, and grants broad access to your site. At most Quip sites, there’s no admin with this permission — it’s not usually necessary. We recommend using caution when granting this powerful permission, and whenever possible using a combination of narrower permissions.