Account roles🔗
Each user added to an account is assigned a role, which defines what permissions they have.
Roles🔗
Every account must maintain at least one user with the Super Admin role, though there is no limit to how many users can hold this role. Only an existing Super Admin has the authority to remove or modify another user with this role. While all users have access to the same set of roles, those using Directory Integration or SSO must have their roles mapped.
For accounts created before December 2024, a Super Admin is not automatically assigned. If you need to elevate a user to this role for an older account, please raise a Support ticket. For more information, read Getting support.
Role permissions🔗
The four account roles, Super Admin, Billing Admin, Admin, and Member have specific permissions for the following features:
| Super Admin | Billing Admin | Admin | Member | |
|---|---|---|---|---|
| Manage Account | ✅ | ✅ | ✅ | ❌ |
| View Account Users | ✅ | ✅ | ✅ | ✅ |
| Manage Account Users | ✅ | ✅ | ✅ | ❌ |
| Create Projects | ✅ | ✅ | ✅ | ❌ |
| Manage Billing | ✅ | ✅ | ❌ | ❌ |
| Manage Runners | ✅ | ❌ | ✅ | ❌ |
| Manage AI Agents Team Account Config | ✅ | ✅ | ✅ | ❌ |
| Use AI Agents | ✅ | ✅ | ✅ | ✅ |
| Use AI Agents Sampling | ✅ | ✅ | ✅ | ✅ |
| Export Lineage | ✅ | ❌ | ❌ | ❌ |
| View API Credentials | ✅ | ✅ | ✅ | ✅ |
| Manage API Credentials | ✅ | ❌ | ❌ | ❌ |
| Manage IP Allow List | ✅ | ❌ | ❌ | ❌ |
| View Audit Events | ✅ | ❌ | ✅ | ❌ |
| Create Vault Secrets | ✅ | ✅ | ✅ | ✅ |
Note
Users assigned permissions prior to 15 April 2026 will continue with their individual permission configurations. These users can be migrated to the new roles model as stated above at any time by assigning them a standard role.
For more information about how to modify user roles, read Edit user roles.