# Organizations and roles

> Understand organization-level roles and how they control access to teams, Workspaces, and data across your Formbricks organization.

Organization-level roles apply to all teams and Workspaces within your Formbricks organization. These roles provide broad permissions that determine what users can do across the entire organization.

<Note>
  Access Roles is a feature of the [Enterprise Edition](/self-hosting/advanced/license). In the **Community Edition** and on the **Free**
  and **Startup** plans in the Cloud, you can invite unlimited organization members as `Owner`.
</Note>

## Role hierarchy

The organization-level roles, ranked from highest to lowest access:

1. **Owner** - Full organizational control
2. **Manager** - Management access with some restrictions
3. **Billing** - Billing and payment management only
4. **Member** - Basic access to assigned Workspaces

### Role Permissions and Privilege Escalation Prevention

To prevent privilege escalation, the following rules apply:

* **Owners** can:
  * Invite users as owners, managers, or members
  * Assign roles up to owner level

* **Managers** can:
  * Invite users only as members
  * Assign roles up to member only, not manager or owner

* **Members** cannot:
  * Invite users
  * Assign roles
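The rules above can be enforced server-side as a single fail-closed check. The following is an added example, not Formbricks source code: the names `RANK`, `CEILING`, `parseRole` and `canAssignRole` are hypothetical, the ranking comes from the role hierarchy on this page, and the guard on the target's current role is an assumption that goes beyond what the page states.

```typescript
// Added example with hypothetical names; not taken from the Formbricks code base.
type OrgRole = "owner" | "manager" | "billing" | "member";

// Ranking from the "Role hierarchy" list (higher number = more access).
const RANK: Record<OrgRole, number> = { member: 0, billing: 1, manager: 2, owner: 3 };

// Highest role each actor may invite as or assign. Billing and Member have no
// entry: the matrix grants them neither "Add new member" nor "Update member access".
const CEILING: Partial<Record<OrgRole, OrgRole>> = { owner: "owner", manager: "member" };

// Role strings arrive from request bodies, so validate against own keys only.
// An `in` check would wrongly accept inherited names such as "constructor".
function parseRole(value: unknown): OrgRole | null {
  return typeof value === "string" && Object.prototype.hasOwnProperty.call(RANK, value)
    ? (value as OrgRole)
    : null;
}

// Returns true only if `actorRole` may invite a user as, or change a user to,
// `requestedRole`. Pass `targetCurrentRole` when changing an existing member.
function canAssignRole(
  actorRole: unknown,
  requestedRole: unknown,
  targetCurrentRole?: unknown
): boolean {
  const actor = parseRole(actorRole);
  const requested = parseRole(requestedRole);
  if (actor === null || requested === null) return false; // unknown role: deny

  const ceiling = CEILING[actor];
  if (ceiling === undefined) return false; // role with no invite/assign rights
  if (RANK[requested] > RANK[ceiling]) return false; // would escalate

  if (targetCurrentRole !== undefined) {
    // Assumption (not stated on the page): an actor also may not modify a user
    // who currently outranks the actor's ceiling, e.g. a manager demoting an owner.
    const current = parseRole(targetCurrentRole);
    if (current === null || RANK[current] > RANK[ceiling]) return false;
  }
  return true;
}
```

Run the check on the server for both the invite and the role-update paths, using the actor's role as stored in the membership record rather than any value supplied by the client.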

## Organization-level roles

All users and their organization-level roles are listed in **Organization Settings > Access Control**. Users can hold any of the following org-level roles:

### Owner

* Has full access to the organization, its data, and settings
* Can perform Team Admin actions without needing to join the team
* Can manage all aspects of the organization including billing, integrations, and member management

### Manager

* Has full management access to all teams and Workspaces
* Can manage the organization's membership (but can only invite or assign users as members)
* Can perform Team Admin actions without needing to join the team
* Cannot change other organization settings like billing or delete the organization

### Billing

* Can manage payment and compliance details in the organization
* Has access to billing settings and subscription management
* Cannot access other organizational data or settings

### Member

* Can view most data in the organization and act in the Workspaces they are members of
* Cannot create or join Workspaces on their own and must be assigned by owners or managers
* Has limited permissions that depend on their Workspace-level access

## Detailed permissions matrix

|                                    | Owner | Manager | Billing | Member |
| ---------------------------------- | ----- | ------- | ------- | ------ |
| **Organization**                   |       |         |         |        |
| Update organization                | ✅     | ❌       | ❌       | ❌      |
| Delete organization                | ✅     | ❌       | ❌       | ❌      |
| Add new member                     | ✅     | ✅       | ❌       | ❌      |
| Delete member                      | ✅     | ✅       | ❌       | ❌      |
| Update member access               | ✅     | ✅       | ❌       | ❌      |
| Update billing                     | ✅     | ✅       | ✅       | ❌      |
| **Workspace**                      |       |         |         |        |
| Create Workspace                   | ✅     | ✅       | ❌       | ❌      |
| Update Workspace name              | ✅     | ✅       | ❌       | ✅\*\*  |
| Update Workspace recontact options | ✅     | ✅       | ❌       | ✅\*\*  |
| Update look & feel                 | ✅     | ✅       | ❌       | ✅\*\*  |
| Update survey languages            | ✅     | ✅       | ❌       | ✅\*\*  |
| Delete Workspace                   | ✅     | ✅       | ❌       | ❌      |
| **Surveys**                        |       |         |         |        |
| Create new survey                  | ✅     | ✅       | ❌       | ✅\*    |
| Edit survey                        | ✅     | ✅       | ❌       | ✅\*    |
| Delete survey                      | ✅     | ✅       | ❌       | ✅\*    |
| View survey results                | ✅     | ✅       | ❌       | ✅      |
| **Response**                       |       |         |         |        |
| Delete response                    | ✅     | ✅       | ❌       | ✅\*    |
| Add tags on response               | ✅     | ✅       | ❌       | ✅\*    |
| Edit tags on response              | ✅     | ✅       | ❌       | ✅\*    |
| Download survey responses (CSV)    | ✅     | ✅       | ❌       | ✅\*    |
| **Actions**                        |       |         |         |        |
| Create action                      | ✅     | ✅       | ❌       | ✅\*    |
| Update action                      | ✅     | ✅       | ❌       | ✅\*    |
| Delete action                      | ✅     | ✅       | ❌       | ✅\*    |
| **API keys**                       |       |         |         |        |
| Create API key                     | ✅     | ✅       | ❌       | ✅\*\*  |
| Update API key                     | ✅     | ✅       | ❌       | ✅\*\*  |
| Delete API key                     | ✅     | ✅       | ❌       | ✅\*\*  |
| **Tags**                           |       |         |         |        |
| Create tags                        | ✅     | ✅       | ❌       | ✅\*    |
| Update tags                        | ✅     | ✅       | ❌       | ✅\*    |
| Delete tags                        | ✅     | ✅       | ❌       | ✅\*\*  |
| **Contacts**                       |       |         |         |        |
| Delete contact                     | ✅     | ✅       | ❌       | ✅\*    |
| **Integrations**                   |       |         |         |        |
| Manage integrations                | ✅     | ✅       | ❌       | ✅\*    |

\* - applies to team members with read & write permissions

\*\* - applies to team members with manage permissions

## Best practices

* **Principle of least privilege**: Assign users the minimum role necessary for their responsibilities
* **Regular audits**: Periodically review organization members and their roles
* **Owner role**: Limit the number of owners to reduce security risk
* **Manager role**: Use for team leads who need to manage Workspaces but not organizational settings
