Access Levels and Permissions

When a client invites you into their SDX organization, they pick one of three access levels. Each level is a hard boundary in the app — UI elements you can't use are hidden or disabled.

Level	Read	Write	Admin
READ	✓	—	—
OPERATE	✓	✓	—
FULL	✓	✓	✓

What each level lets you do

READ (read-only)

View the client's properties, meters, scores, and reports.
Export reports.
See dashboards and benchmarks.
Cannot add or edit properties, submit data, change settings, or invite other users.

Use this when you're auditing a client's portfolio without touching it — or when an engagement hasn't formally started.

OPERATE

Everything in READ, plus:

Add and edit properties.
Submit utility readings, bills, and meter data.
Run reports and exports against the client's portfolio.
Connect ENERGY STAR Portfolio Manager and Green Button utilities on the client's behalf.
Cannot change org-level settings, manage users, or invite/revoke other representatives.

This is the typical level for a consultant doing day-to-day data management on behalf of a client.

FULL

Everything in OPERATE, plus:

Change organization profile, emission factor overrides, and reporting preferences.
Invite or revoke other representatives.
Manage API keys for the client.
Access billing and licensing settings.

This is for engagements where the client wants you to run their entire SDX presence.

The client. Each client picks the level for you when they invite you, and they can change it later from their side. You can't escalate your own access — you can only request a change and have them grant it.

If you have OPERATE on Client A and FULL on Client B, both are correct: levels are scoped to each engagement.

What you see when access is restricted

Buttons and fields you don't have permission to use are either hidden or disabled. We do not show "you don't have permission" errors after the fact for normal UI actions — the UI reflects your access level at the moment you load it.