# Role-Based Access Control (RBAC)

Convoy supports role-based access control to manage who can access and perform actions across an instance, organisations, and projects.

## Roles

The following roles are available:

* **Instance Admin** (`instance_admin`): Instance-level access. Can manage all organisations and projects.
* **Organisation Admin** (`organisation_admin`): Organisation-level access. Can manage the organisation and all projects within it.
* **Billing Admin** (`billing_admin`): Organisation-level access. Can manage billing only.
* **Project Admin** (`project_admin`): Project-level access. Can manage project settings and users for the specified project.
* **Project Viewer** (`project_viewer`): Project-level access. Can view project data only.

> Note: A deprecated `api` role may appear in older integrations; it has the lowest rank.

## Role hierarchy

Higher-ranked roles implicitly have all permissions of lower-ranked roles.

* `instance_admin` → `organisation_admin` → `billing_admin` → `project_admin` → `project_viewer` → `api` (deprecated)

## Scopes

Some roles may be scoped to a specific project and optionally an endpoint.

* Project scope: role applies to a single project.
* Endpoint scope: role applies to a single endpoint within the scoped project.

## Permissions mapping (UI)

<Frame>
  <img src="https://mintcdn.com/convoy/XhPeZtY53ttiAPxQ/images/rbac-add-team.png?fit=max&auto=format&n=XhPeZtY53ttiAPxQ&q=85&s=9f39b9a685f90a7fea0b124d1ba7c670" alt="RBAC roles and permissions overview" width="958" height="1006" data-path="images/rbac-add-team.png" />
</Frame>

> <Tip>
>   Instance Admin isn’t shown in the dashboard. It’s reserved for instance operations and prevents accidental privilege escalation. It replaces the legacy `super_user` role.
> </Tip>

Convoy's UI uses permissions to toggle actions. Typical mappings:

* Project Viewer: view-only access to events, deliveries, sources, subscriptions, endpoints, portal links, project settings, and organisations (read).
* Project Admin: all Project Viewer permissions plus manage actions on events, sources, subscriptions, endpoints, portal links, meta events, project settings, event types, and project setup.
* Organisation Admin: manage organisation and team; inherits Project Admin and Project Viewer permissions.
* Billing Admin: manage billing.
* Instance Admin: full instance management; inherits Organisation Admin, Billing Admin, Project Admin, and Project Viewer permissions.

## API keys and invites

When creating API keys or inviting members, assign the appropriate role and scope:

* Organisation Admin for org-wide administration.
* Project Admin/Viewer for project-level access.

## Backward compatibility

Older roles such as `super_user`, `admin`, and `member` have been replaced. Ensure clients and automations use the new role names listed above.
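
The check below is an added example, not Convoy's own code: it audits the role strings that clients and automations request against the role names, rank order, and scope rules on this page. The `Grant` record, the `Audit` function, the `limit` parameter, and the sample grants are assumptions made for illustration.

```go
package main

import "fmt"

// Rank order as listed on this page; a larger number is a higher rank.
var rank = map[string]int{
	"instance_admin": 6, "organisation_admin": 5, "billing_admin": 4,
	"project_admin": 3, "project_viewer": 2, "api": 1,
}

// Role names this page says have been replaced.
var replaced = map[string]bool{"super_user": true, "admin": true, "member": true}

// Grant is a hypothetical record of a role given to an API key or invite.
type Grant struct{ Subject, Role, Project, Endpoint string }

// Constructed sample data, not taken from a real deployment.
var sample = []Grant{
	{"ci-bot", "project_admin", "proj-a", ""},
	{"legacy-cron", "super_user", "", ""},
	{"dash-sync", "organisation_admin", "", ""},
	{"hook-test", "project_viewer", "", "ep-1"},
	{"old-sdk", "api", "proj-a", ""},
}

// Audit returns one finding per problem. limit is the highest role the
// caller allows; an unrecognised limit has rank 0, so every grant is flagged.
func Audit(grants []Grant, limit string) []string {
	var out []string
	for _, g := range grants {
		r, known := rank[g.Role]
		switch {
		case replaced[g.Role]:
			out = append(out, g.Subject+": replaced role "+g.Role)
		case !known:
			out = append(out, g.Subject+": unknown role "+g.Role)
		case g.Role == "api":
			out = append(out, g.Subject+": deprecated role api")
		case r > rank[limit]:
			out = append(out, g.Subject+": "+g.Role+" exceeds limit "+limit)
		}
		// Endpoint scope only exists within a scoped project.
		if g.Endpoint != "" && g.Project == "" {
			out = append(out, g.Subject+": endpoint scope without project scope")
		}
	}
	return out
}

func main() { fmt.Println(Audit(sample, "project_admin")) }
```

Running such a check in CI before keys are created or invites are sent catches replaced role names and over-privileged grants while they are still configuration.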
