> For the complete documentation index, see [llms.txt](https://help.genesis.autify.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.genesis.autify.com/settings/organization-settings/roles-and-permissions.md).

# Roles and permissions

Autify Genesis has two types of roles: **organization roles**, which apply across the entire organization, and **workspace roles**, which are granted per workspace.

## Role types

### Organization roles

These roles apply across the entire organization. Every user who joins the organization is assigned one of the organization roles.

#### Owner

The highest-privilege role in the organization. Owners can perform every operation, including inviting, removing, and changing user roles (including promotion to Owner); creating, configuring, archiving, and deleting workspaces; registering and changing AI providers; and configuring AI usage alerts.

#### Admin

The organization management role. Admins can invite, remove, and change user roles (in the Member and Admin range), and create, configure, archive, and delete workspaces. They cannot promote users to Owner.

{% hint style="warning" %}
Promoting users to Owner, and changing roles or removing existing Owners, can only be done by users with Owner privileges.
{% endhint %}

#### Member

The general organization role. Members can view AI provider settings and create, update, or delete API keys, but cannot manage organization, user, or workspace settings. In the workspaces they are assigned to, they can use AI chat and workflows.

### Workspace roles

These roles are granted per workspace. Users with the organization role of Member are assigned as either **Member** or **Workspace Manager** in each workspace. Users with no assignment cannot access that workspace. Users with the organization role of Admin or Owner automatically have access to every workspace.

#### Workspace manager

A role with workspace-level management privileges. Admins or Owners grant this role to members of a specific workspace. Workspace Managers can invite users to their workspace, add or remove members, change roles within the workspace (in the Member and Workspace Manager range), and update workspace settings. They cannot change organization-level roles (such as promoting users to Admin or Owner).

## Permission matrix

Permissions differ by role at the organization level and at the workspace level.

### Organization-level permissions

| Action                                   | Owner | Admin | Member |
| ---------------------------------------- | ----- | ----- | ------ |
| Invite users                             | ✓     | ✓     | —      |
| Cancel invitations                       | ✓     | ✓     | —      |
| Change user role (Member / Admin)        | ✓     | ✓     | —      |
| Change user role (Owner)                 | ✓     | —     | —      |
| Remove users                             | ✓     | ✓     | —      |
| View AI provider settings                | ✓     | ✓     | ✓      |
| Enable / disable managed AI providers    | ✓     | —     | —      |
| Register, edit, delete BYOK AI providers | ✓     | —     | —      |
| Configure AI usage alerts                | ✓     | —     | —      |
| Create workspaces                        | ✓     | ✓     | —      |
| Archive workspaces                       | ✓     | ✓     | —      |
| Delete workspaces                        | ✓     | ✓     | —      |
| Create, edit, delete API keys            | ✓     | ✓     | ✓      |

### Workspace-level permissions

Owners and Admins have access to every workspace. Workspace Managers can only act on workspaces where they hold the Workspace Manager role.

| Action                                             | Owner | Admin | Workspace Manager | Member |
| -------------------------------------------------- | ----- | ----- | ----------------- | ------ |
| Use chat and workflows                             | ✓     | ✓     | ✓                 | ✓      |
| Invite users to the workspace                      | ✓     | ✓     | ✓                 | —      |
| Cancel or resend invitations                       | ✓     | ✓     | ✓                 | —      |
| Add or remove workspace members                    | ✓     | ✓     | ✓                 | —      |
| Change workspace role (Member / Workspace Manager) | ✓     | ✓     | ✓                 | —      |
| Change workspace settings                          | ✓     | ✓     | ✓                 | —      |

## Notes

* You cannot change your own role.
* You cannot remove yourself from the organization. Ask another Owner or Admin to do so.
* If only one Owner exists in the organization, that Owner cannot be removed or demoted to Admin or Member. The organization must always have at least one Owner.
* Removing a user from the organization does not delete workspaces or deliverables they created.
* Members can only view and use the workspaces they have been assigned to.
* The Workspace Manager role is independent of the organization role and is granted per workspace. The same user can be a Workspace Manager in one workspace and a Member in another.
* Workspace Managers can only cancel or resend invitations they themselves sent.
* If the last Workspace Manager of a workspace tries to leave the workspace, a warning is displayed indicating that the workspace will have no manager.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://help.genesis.autify.com/settings/organization-settings/roles-and-permissions.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
