# Access Management The Access Management system provides a more structured, secure, and flexible approach to access. This ensures that the right individuals have appropriate control based on their responsibilities. *** {% embed url="" %} ### **Access Management Role Hierarchy** To establish clear permissions and responsibilities, we have introduced **five distinct roles**: 1. **Admin** *(Full access to the entire platform, responsible for managing permissions and settings)* 2. **Executive** *(CXOs level i.e. CTO, CEO and Founders)* 3. **Leader** *(VPs, Director and Department heads)* 4. **Managers** *(Team Leads, Engineering Managers and Project Managers)* 5. **User** *(Individual contributors like developers)*
Each role is assigned specific permissions, ensuring a well-defined access structure and preventing unauthorized modifications. *** ### **AM Screen: Structure & Functionality** The **RBAC screen** is divided into three dedicated tabs: #### **1. Role Access (only Admins can access)** This tab provides **Admins** with full control over roles and permissions. Key functionalities include: * **Viewing assigned permissions** for each role. * **Modifying role permissions** as needed. * **Saving changes** for real-time updates.
This centralized approach ensures permissions are **accurately assigned** while maintaining security and flexibility. *** #### **2. User Management** This section allows for efficient user administration by displaying a **list of users** in the system. **Note:** If multiple users are merged in the **Teams** screen, only the **Primary User** will be displayed in this tab. **Key functionalities:** * **Inviting new users:** * If a person is not yet a user, they can be invited via the **"Invite"** button in the last column. * Clicking this button allows Admins to: * **Select the user role** * **Assign them to teams, projects, and workspaces** (if enabled)
* **Editing existing users:** * Modify a user’s **role, team, projects, and workspaces** (if enabled). * Users **cannot** modify their own details or the role of anyone **above them** in the hierarchy. * Users **can only edit roles at their level or below**, ensuring secure delegation.

Adjust roles

Select teams which can be accessed

Select projects which can be accesed

*** #### **3. Pending Access Requests (Admin-Only)** For organizations that require **Admin approval** for new user sign-ups, this tab acts as a **centralized approval hub**. **How it works:** * When a new user requests access, the **Admin receives an email notification**. * All **pending access requests** appear in this section. * The Admin can then **approve or deny** requests, ensuring controlled onboarding.