# Roles

A role definition is a collection of permissions. It's typically just called a role. A role definition lists the actions that can be performed, such as read, write, and delete. Roles can be high-level, like "Owner", or specific, like "Read Only User".

| Name           | Description                                                                    |
| -------------- | ------------------------------------------------------------------------------ |
| Owner          | Owner and creator of the organization.                                         |
| Administrator  | Administrator of the organization. They are designated as such by the "Owner". |
| Operator       | Developer or technician of the organization.                                   |
| Helpdesk       | Support role on projects.                                                      |
| Standard User  | Invited to work on a project by the organization.                              |
| Read Only User | Simple observer of the organization's technical activities on the platform.    |

### List of entities impacted by roles

| Entity       | Description                                                                                                                                                            |
| ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Organization | Major entity of the application.                                                                                                                                       |
| User         | This is the user entity. It acts more as a subject than an object. It is the one that will be queried to determine if it has the right to access other entity-objects. |
| Project      | Framework for all the work within an organization. An organization can have multiple projects.                                                                         |
| Blueprint    | Workspace within a project. A project can have multiple blueprints.                                                                                                    |

### List of rights by object entity (also called Namespace)

Each namespace has different access rights to its functionalities. It's important to know that there are two types of rights: those that encompass an organization and those that are specific to a project and/or a blueprint.

The rights of the Project and Blueprint namespaces are of the latter type. This makes it possible to grant a person invited to work on a specific project rights on that project only, and prevents them from accessing others.

#### Organization

| Name              | Description                                                                                                                                                                                                          |
| ----------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| access\_org       | Access the organization (this is not about reading, but access from a code perspective; e.g., a person who can only access one project of the organization must still have access to some organization code calls).  |
| read\_org         | Read access to the organization.                                                                                                                                                                                     |
| edit\_org         | Edit the organization (This does not involve administrative changes).                                                                                                                                                |
| administrate\_org | Administer the organization (Role assignment - modification of organization information).                                                                                                                            |
| delete\_org       | Delete the organization (The default organization cannot be deleted).                                                                                                                                                |
| read\_project     | Read access to the organization's projects.                                                                                                                                                                          |
| create\_project   | Create a new project within the organization.                                                                                                                                                                        |
| edit\_project     | Make modifications to a project.                                                                                                                                                                                     |
| delete\_project   | Delete a project.                                                                                                                                                                                                    |
| share\_project    | Share a project.                                                                                                                                                                                                     |
| read\_blueprint   | Read access to the blueprints of the organization's projects.                                                                                                                                                        |
| create\_blueprint | Create a blueprint within a project.                                                                                                                                                                                 |
| edit\_blueprint   | Modify a blueprint.                                                                                                                                                                                                  |
| delete\_blueprint | Delete a blueprint.                                                                                                                                                                                                  |
| deploy\_blueprint | Deploy a blueprint.                                                                                                                                                                                                  |
| revert\_blueprint | Revert to a previous version of the blueprint.                                                                                                                                                                       |
| share\_blueprint  | Share a blueprint.                                                                                                                                                                                                   |

#### Project

| Name              | Description                               |
| ----------------- | ----------------------------------------- |
| read              | Read access to a specific project.        |
| create\_blueprint | Create a blueprint in a specific project. |
| edit              | Modify a specific project.                |
| delete            | Delete a specific project.                |

#### Blueprint

| Name   | Description                                           |
| ------ | ----------------------------------------------------- |
| read   | Read access to a specific blueprint.                  |
| edit   | Modify a specific blueprint.                          |
| delete | Delete a specific blueprint.                          |
| share  | Share a specific blueprint.                           |
| revert | Revert to a previous version of a specific blueprint. |
| deploy | Deploy a specific blueprint.                          |

## Who can do what?

### Organization <a href="#organization-1" id="organization-1"></a>

| access\_org    | read\_org      | edit\_org      | delete\_org    | administrate\_org |
| -------------- | -------------- | -------------- | -------------- | ----------------- |
| owners         | owners         | owners         | owners         | owners            |
| administrators | administrators | administrators | administrators |                   |
| operators      | operators      | operators      |                |                   |
| helpdesks      |                |                |                |                   |
| standardUsers  |                |                |                |                   |
| readonlyUsers  | readonlyUsers  |                |                |                   |

| read\_project  | create\_project | edit\_project  | delete\_project | share\_project |
| -------------- | --------------- | -------------- | --------------- | -------------- |
| owners         | owners          | owners         | owners          | owners         |
| administrators | administrators  | administrators | administrators  | administrators |
| operators      | operators       | operators      | operators       | operators      |
| readonlyUsers  |                 |                |                 |                |

| read\_blueprint | create\_blueprint | edit\_blueprint | delete\_blueprint | deploy\_blueprint | revert\_blueprint | share\_blueprint |
| --------------- | ----------------- | --------------- | ----------------- | ----------------- | ----------------- | ---------------- |
| owners          | owners            | owners          | owners            | owners            | owners            | owners           |
| administrators  | administrators    | administrators  | administrators    | administrators    | administrators    | administrators   |
| operators       | operators         | operators       | operators         | operators         | operators         | operators        |
| readonlyUsers   |                   |                 |                   |                   |                   |                  |

### Project <a href="#project-1" id="project-1"></a>

| read          | create\_blueprint | edit          | delete        | share         |
| ------------- | ----------------- | ------------- | ------------- | ------------- |
| helpdesks     | helpdesks         |               |               |               |
| standardUsers | standardUsers     | standardUsers | standardUsers | standardUsers |

### Blueprint <a href="#blueprint-1" id="blueprint-1"></a>

| read          | edit          | delete        | share         | deploy        | revert        |
| ------------- | ------------- | ------------- | ------------- | ------------- | ------------- |
| helpdesks     | helpdesks     |               |               |               |               |
| standardUsers | standardUsers | standardUsers | standardUsers | standardUsers | standardUsers |
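
The matrix above, evaluated as a deny-by-default check. This is an added example, not the platform's own code. The grant model (one organization role per user plus a set of invited project ids), the mapping of a scoped right such as `edit` to its organization-wide counterpart `edit_project`, and the names `User`, `can_org` and `can_scoped` are assumptions made for illustration.

```python
# Added example: deny-by-default check over the role matrix documented on this page.
# The grant model and all function/class names are assumptions, not the platform's API.
from dataclasses import dataclass, field

WIDE = {"owners", "administrators", "operators"}
ALL = WIDE | {"helpdesks", "standardUsers", "readonlyUsers"}

# Organization namespace: rights that span the whole organization.
ORG = {
    "access_org": ALL,
    "read_org": WIDE | {"readonlyUsers"},
    "edit_org": WIDE,
    "delete_org": {"owners", "administrators"},
    "administrate_org": {"owners"},
    "read_project": WIDE | {"readonlyUsers"},
    "read_blueprint": WIDE | {"readonlyUsers"},
}
for verb in ("create", "edit", "delete", "share"):
    ORG[f"{verb}_project"] = WIDE
for verb in ("create", "edit", "delete", "deploy", "revert", "share"):
    ORG[f"{verb}_blueprint"] = WIDE

# Project and Blueprint namespaces: rights scoped to one invited project.
BOTH, STD = {"helpdesks", "standardUsers"}, {"standardUsers"}
SCOPED = {
    "project": {"read": BOTH, "create_blueprint": BOTH,
                "edit": STD, "delete": STD, "share": STD},
    "blueprint": {"read": BOTH, "edit": BOTH, "delete": STD,
                  "share": STD, "deploy": STD, "revert": STD},
}

@dataclass
class User:
    role: str
    projects: set = field(default_factory=set)  # assumed: ids of projects the user was invited to

def can_org(user, right):
    """Organization-wide right; unknown roles and unknown rights are denied."""
    return user.role in ORG.get(right, set())

def can_scoped(user, namespace, right, project_id):
    """Right on one project or its blueprints: org-wide grant, else invitation plus scoped grant."""
    # Assumed mapping: scoped "edit" in namespace "project" corresponds to org-wide "edit_project".
    org_right = right if right.endswith("_blueprint") else f"{right}_{namespace}"
    if can_org(user, org_right):
        return True
    allowed = SCOPED.get(namespace, {}).get(right, set())
    return project_id in user.projects and user.role in allowed
```

A Standard User invited to project `p1` gets `edit` there and nothing on `p2`, while a Read Only User reads every project through the organization-wide `read_project` right without any invitation.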


