> ## Documentation Index
> Fetch the complete documentation index at: https://docs.velatir.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Roles & Permissions

> Organisation and workspace roles in Velatir and what each one can do

## What Are Roles?

Roles control what members can see and do within your Velatir account. Velatir uses two layers of roles. Organisation roles govern your entire account. Workspace roles control access within individual workspaces.

Every member receives an organisation role when invited. They then receive a workspace role for each workspace they are assigned to.

## Organisation Roles

Organisation roles determine what a member can do across your entire Velatir account.

| Role              | Description                          | Key Permissions                                                                                                 |
| ----------------- | ------------------------------------ | --------------------------------------------------------------------------------------------------------------- |
| **Administrator** | Full control over the organisation   | Manage settings, billing, members, and all workspaces. Create and delete workspaces. Invite and remove members. |
| **Reader**        | View-only access to the organisation | View organisation settings and member lists. Cannot make changes or manage workspaces.                          |

Administrators handle day-to-day account management. Readers are suited for stakeholders who need visibility without the ability to make changes.

## Workspace Roles

Workspace roles determine what a member can do within a specific workspace. A member can hold different roles in different workspaces.

| Role       | Description                       | Key Permissions                                                                               |
| ---------- | --------------------------------- | --------------------------------------------------------------------------------------------- |
| **Admin**  | Full control over the workspace   | Manage workspace settings, API keys, agents, and members. Full access to traces.              |
| **Editor** | Manage traces                     | View and manage traces and agent configuration. Cannot change workspace settings or API keys. |
| **Reader** | View-only access to the workspace | View traces and agent activity. Cannot take any actions or make changes.                      |

## Choosing the Right Roles

<AccordionGroup>
  <Accordion title="Compliance Officers">
    Assign the Editor role so they can review traces and oversee agent activity across the workspace. If they only need to observe, Reader works.
  </Accordion>

  <Accordion title="Team Leads">
    Workspace Admin gives them full control to configure agents, manage API keys, and oversee their team's workspace.
  </Accordion>

  <Accordion title="Executives and Stakeholders">
    Organisation Reader plus workspace Reader gives them visibility across the board without any risk of accidental changes.
  </Accordion>
</AccordionGroup>

## Inviting Members

<Steps>
  <Step title="Open Member Settings" icon="users">
    Navigate to your organisation settings and select the Members section.
  </Step>

  <Step title="Send an Invitation" icon="mail">
    Enter the new member's email address and select their organisation role. They receive an email invitation to join.
  </Step>

  <Step title="Assign to Workspaces" icon="layout-grid">
    Once they accept the invitation, assign them to one or more workspaces and choose a workspace role for each.
  </Step>
</Steps>

You can update roles at any time. Removing a member from a workspace revokes their access immediately.

***

<CardGroup cols={2}>
  <Card title="Organisations & Workspaces" icon="building" href="/platform/organizations-and-workspaces">
    Learn how organisations and workspaces are structured
  </Card>

  <Card title="Data Privacy" icon="lock" href="/security/data-privacy">
    Understand how Velatir handles data privacy and access control
  </Card>
</CardGroup>