> ## Documentation Index
> Fetch the complete documentation index at: https://www.qovery.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Members & RBAC

> Manage organization members and role-based access control

## Organization Members

You can invite someone to join your organization by email. Once they accept the invitation, they will have access to the organization and all its projects based on their assigned role.

### Accessing Members Settings

<Steps>
  <Step title="Open Organization Settings">
    Click the Settings tab while you are on your organization overview.

    <Frame>
      <img src="https://mintcdn.com/qovery/ziWdn5St6rf4bcBc/images/configuration/organization/access_settings.png?fit=max&auto=format&n=ziWdn5St6rf4bcBc&q=85&s=140314c21898938101ad4f82e2c78a98" alt="How to access your organization settings" width="2784" height="1830" data-path="images/configuration/organization/access_settings.png" />
    </Frame>
  </Step>

  <Step title="Navigate to Members Section">
    Open the **Members** section within the organization settings

    <Frame>
      <img src="https://mintcdn.com/qovery/ziWdn5St6rf4bcBc/images/configuration/organization/members.png?fit=max&auto=format&n=ziWdn5St6rf4bcBc&q=85&s=2bb6a3b24c8de1597b728719bc293feb" alt="Qovery - List all members within an organization" width="3164" height="2070" data-path="images/configuration/organization/members.png" />
    </Frame>
  </Step>
</Steps>

### Inviting Members

1. Click the **Invite Member** button
2. Enter the member's email address
3. Select a role (see Default Roles below)
4. Click **Send Invitation**

The invited member will receive an email with instructions to join the organization.

<Info>
  Changing the role of a member requires the user to logout/login to make the
  changes effective or wait a few minutes (max 1 hour).
</Info>

## Default Roles

Qovery provides 5 default roles with predefined permissions:

### Owner

The user has full access to the organization. Only one user can be the owner of the organization.

### Admin

Same as the owner, the user has full access to the organization but cannot delete it.

### DevOps

The user can manage the organization infrastructure (clusters/registry/webhook setup) and manage the deployments of any environment within the organization.

### Billing Manager

The user can only manage the billing of the organization.

### Viewer

The user has read-only access to any section of the organization.

## Permissions Matrix

| Action                                            | Owner | Admin | DevOps | Billing Manager | Viewer |
| ------------------------------------------------- | ----- | ----- | ------ | --------------- | ------ |
| Read organization                                 | yes   | yes   | yes    | yes             | yes    |
| Edit organization                                 | yes   | yes   | no     | no              | no     |
| Delete organization                               | yes   | no    | no     | no              | no     |
| Manage billing                                    | yes   | yes   | no     | yes             | no     |
| Manage members & roles                            | yes   | yes   | no     | no              | no     |
| Manage cluster & container registry               | yes   | yes   | yes    | no              | no     |
| Manage organization setup                         | yes   | yes   | yes    | no              | no     |
| Read ANY project                                  | yes   | yes   | yes    | no              | yes    |
| Edit/Delete ANY project                           | yes   | yes   | no     | no              | no     |
| Create project                                    | yes   | yes   | no     | no              | no     |
| Read ANY environment                              | yes   | yes   | yes    | no              | yes    |
| Edit/Delete ANY environment or service            | yes   | yes   | no     | no              | no     |
| Create environment or service                     | yes   | yes   | no     | no              | no     |
| Add/Edit/Delete environment variables and secrets | yes   | yes   | yes    | no              | no     |
| Deploy/Stop ANY environment or service            | yes   | yes   | yes    | no              | no     |
| Connect via shell to ANY application              | yes   | yes   | yes    | no              | no     |

## Custom Roles

You can create custom roles to fine-tune access control for your organization members. Custom roles allow you to define permissions at two levels: cluster level and project level.

### Cluster Level Permissions

You can define the following permissions at the cluster level:

* **Read-Only**: The user can access the cluster information (name, region etc..). Minimum permission level.
* **Create Environment**: The user can create environments on this cluster...Further environment level permissions...are managed via the 'Project Permissions'
* **Full Access**: The user can create environments on this cluster and as well manage the cluster's settings (start/stop, change number and type of nodes etc..)

### Project Level Permissions

You can define permissions for each environment type (development, staging, production, preview) within a project:

* **No Access**: The user has no access to this environment type
* **Read-Only**: Access in read-only to this environment type. Useful to restrict access on sensitive environments
* **Deploy**: Manage the deployments of this environment type, access the logs, connect via SSH
* **Manage**: Manage the deployments and the settings of this environment type
* **Full Access**: The user is admin of the project and can do everything he wants on it

## Transfer Ownership

You can transfer ownership of the organization to another member. To do so:

1. Navigate to the **Members** section in organization settings
2. Click on the member you want to transfer ownership to
3. Select **Transfer Ownership** from the menu
4. Confirm the transfer

<Warning>
  Once ownership is transferred, you will no longer be the owner of the
  organization.
</Warning>