# Role-Based Access Controls (RBAC) and Groups

Role-Based Access Control (RBAC) lets you control what each member can see and do in StackAI. Use RBAC to protect sensitive data, reduce accidental changes, and keep production projects stable.

RBAC affects access to:

* **Projects** (who can build vs who can run)
* **Connections** (who can view and manage integrations)
* **Organization settings** (who can manage security, users, and governance)

### Roles and permissions

StackAI has four roles. Each role controls access to projects, settings, connections, and actions.

* **Admin**: Full access to the organization, including all projects, settings, users, and connections.
* **Editor**: Create and edit projects. Access connections they created or that were shared with them.
* **User**: Run published projects. Access connections they created or that were shared with them.
* **Viewer**: Run published projects only. No access to the workflow builder or connections.

#### Common role patterns

* **Admins**: IT/security owners and a small set of trusted builders.
* **Editors**: Workflow builders who maintain projects and publish updates.
* **Users**: Operators who run published projects in production.
* **Viewers**: Stakeholders who need access to outputs, but not configuration.

***

### Assign a role when inviting a user

Select a role when you invite a new member. This role applies immediately after they join.

If you’re unsure which role to use, start with **User**. You can promote them later if they need build access.


{% hint style="info" %}
If you use SSO, you can set a default role for newly provisioned users.
{% endhint %}

***

### Change a user’s role

Admins can update roles at any time. Changes apply in real time.

Role changes are useful for temporary access. For example, make someone an Editor during a build sprint. Then revert them to User after publishing.



