# Roles

### Types of Roles

A team member can have one of five roles:

* Admin: can manage the team, its members, and deployments
* Manager: can perform non-destructive admin actions
* Developer: can create/edit/delete bricks and mods in the team's private scope
* Member: a full member can use mods and integration configurations within the team scope
* Restricted (default): must be added to a permissions group to access team mods and other resources

For enterprise teams, most team members should be "Restricted".

#### Role Permissions Matrix <a href="#block-969a814b8acd4643b98db308047298e1" id="block-969a814b8acd4643b98db308047298e1"></a>

The following table lists the base permissions for each role.

<table><thead><tr><th width="176">Resource/Role</th><th width="100">Admin</th><th width="131">Manager</th><th>Developer</th><th>Member</th><th>Restricted</th></tr></thead><tbody><tr><td>Team Members</td><td><p>View, Invite, </p><p>Edit, Delete</p></td><td>View, Invite</td><td>No</td><td>No</td><td>No</td></tr><tr><td>Groups</td><td>View, Edit, Delete</td><td>View, Edit</td><td>No</td><td>No</td><td>No</td></tr><tr><td>Mods/Packages</td><td>View, Edit, Delete</td><td>View, Edit, Delete</td><td>View, Edit, Delete</td><td>View</td><td>No</td></tr><tr><td>Integration Configurations</td><td>View, Edit, Delete</td><td>View, Call<br><em>No Access to Secrets</em></td><td>View, Call<br><em>No Access to Secrets</em></td><td>View, Call<br><em>No Access to Secrets</em></td><td>No</td></tr><tr><td>Mod Deployments</td><td>View, Edit, Delete</td><td>View, Edit, Pause/Unpause</td><td>No</td><td>No</td><td>No</td></tr><tr><td>Campaigns</td><td>View, Edit</td><td>View, Edit</td><td>No</td><td>No</td><td>No</td></tr><tr><td>Databases</td><td>View, Edit, Delete</td><td>View, Edit</td><td>No</td><td>No</td><td>No</td></tr></tbody></table>

#### Granting Additional Permissions <a href="#block-969a814b8acd4643b98db308047298e1" id="block-969a814b8acd4643b98db308047298e1"></a>

* Use permission groups to authorize read/edit access to specific resources (see [groups](https://docs.pixiebrix.com/managing-teams/access-control/groups "mention")). When deploying a mod to a Group, PixieBrix will automatically prompt you to grant the required authorization for the mod.
* Admins/Managers can assign Deployment Manager groups, which receive manager access to a Deployment and its related resources (see [deploying-mods](https://docs.pixiebrix.com/deploying-mods "mention")).

### Changing a Team Member's Role <a href="#block-969a814b8acd4643b98db308047298e1" id="block-969a814b8acd4643b98db308047298e1"></a>

To change a current team member’s role, click their name in the team list on the ***Members*** screen.

On the Member Detail screen, you can edit the member's role by clicking on the Role row. PixieBrix will show a dropdown allowing you to select a new role for the member. PixieBrix will automatically save and apply the new role.

### Applying User Interface Restrictions for Restricted Team Members

{% hint style="info" %}
User interface restrictions for restricted users are only available on Enterprise plans.
{% endhint %}

To enable interface restrictions for Restricted team members, contact <support@pixiebrix.com>. Interface restrictions include:

* Hiding references to the PixieBrix Marketplace
* Disabling the ability to deactivate deployments
* Disabling the Page Editor
