> ## Documentation Index
> Fetch the complete documentation index at: https://docs.anyshift.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Roles & Permissions

> Understanding the three roles in Anyshift and what each can do

Anyshift uses role-based access control (RBAC) with three roles: **Organization Admin**, **Project Admin**, and **Member**.

## Role Overview

| Permission                        | Org Admin | Project Admin | Member |
| --------------------------------- | :-------: | :-----------: | :----: |
| Use Annie chat                    |     ✓     |       ✓       |    ✓   |
| View project data                 |     ✓     |       ✓       |    ✓   |
| Manage integrations               |     ✓     |       ✓       |    ✗   |
| Invite/remove project members     |     ✓     |       ✓       |    ✗   |
| Manage project settings           |     ✓     |       ✓       |    ✗   |
| Create projects                   |     ✓     |       ✗       |    ✗   |
| Manage org admins                 |     ✓     |       ✗       |    ✗   |
| Configure MFA & SSO               |     ✓     |       ✗       |    ✗   |
| Access all projects automatically |     ✓     |       ✗       |    ✗   |

## Organization Admin

Organization admins have full control over the organization and all its projects. They are automatically a project admin on every project — no per-project assignment needed.

Org admins can:

* Create and delete projects
* Promote or demote other org admins
* Enforce MFA and configure SSO
* Manage members across all projects

<Warning>
  An org admin cannot be removed from an individual project. To revoke their access, demote them at the organization level first.
</Warning>

## Project Admin

Project admins have read/write access to a specific project. They manage day-to-day operations like connecting integrations and inviting team members.

Project admins can:

* Configure integrations for their project
* Invite and remove project members
* Promote members to project admin
* Manage [Slack channel mappings and on-call registration](/pages/product/integration/slack#permissions--access-control)

## Member

Members have read-only access to the projects they are assigned to. They can use Annie to chat and explore the knowledge graph but cannot change project settings or integrations.

## How Role Assignment Works

* **Org admins** are assigned at the organization level and automatically have admin access to every project.
* **Project admins** and **members** are assigned per project by an org admin or project admin.
* A user can have different roles on different projects (e.g., admin on one, member on another).
