> ## Documentation Index
> Fetch the complete documentation index at: https://docs.emergence.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Roles and Permissions

> Available roles in CRAFT, what each role can do, and how to assign or remove roles via the UI.

CRAFT uses a role-based access system to control what each person can see and do within your organisation and its projects. Roles apply at two levels: the **organisation level** and the **project level**.

## Organisation-level roles

Organisation-level roles control access to organisation-wide settings and the ability to manage members.

| Role       | What they can do                                                                                                                                                                           |
| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **Owner**  | Full access to everything — invite and deactivate members, manage all projects, configure SSO, view audit logs, and manage organisation settings. There must always be at least one owner. |
| **Admin**  | Invite and deactivate members, create and manage projects, view audit logs. Cannot change organisation billing or ownership.                                                               |
| **Member** | Access to projects they have been explicitly added to. Cannot manage members or organisation settings.                                                                                     |

## Project-level roles

Within a project, users can be assigned more granular roles by a project owner or admin.

| Role          | What they can do                                                                          |
| ------------- | ----------------------------------------------------------------------------------------- |
| **Owner**     | Full access to the project — manage members, create and delete resources, manage secrets. |
| **Admin**     | Manage project members and resources. Cannot delete the project.                          |
| **Developer** | Create, read, and modify resources. Can manage secrets within the project.                |
| **Operator**  | Read resources and trigger workflows. Cannot create or delete resources.                  |
| **Viewer**    | Read-only access to resources and metadata within the project.                            |

<Note>
  Organisation owners and admins automatically have admin-level access to all projects in the organisation, even if they are not explicitly added to a project.
</Note>

## How to assign a role

You assign organisation-level roles when inviting a user or by editing their profile on the **Members** page. See [Manage Users](/guides/customer-admin/manage-users) for step-by-step instructions.

For project-level roles, a project owner or admin assigns roles from within the project settings. Organisation admins can also assign project roles.

## How to remove a role

To remove a user from a project, navigate to the project's **Members** settings and remove them. To change an organisation role, edit the user's profile on the **Members** page.

Removing a user from a project does not deactivate their account — they retain access to other projects they belong to and to the organisation.
