zitadel/site/docs/administrate/70-zitadelroles.en.md

---
title: ZITADEL Roles
---

### ZITADEL's Roles

**ZITADEL's** own role model is built around the IAM resources. The roles have some hierarchies to them. For example a IAM_OWNER can view and edit every resource of the system. ORG_OWNERS can only manage their resources included within their organisation. This includes projects, clients, users, and so on.

#### System Roles

IAM_OWNER

IAM_OWNER_VIEWER

#### Organisation Roles

ORG_OWNER

ORG_OWNER_VIEWER

ORG_USER_PERMISSION_EDITOR

ORG_PROJECT_PERMISSION_EDITOR

ORG_PROJECT_CREATOR

#### Owned Project Roles

PROJECT_OWNER

PROJECT_OWNER_VIEWER

PROJECT_OWNER_GLOBAL

PROJECT_OWNER_VIEWER_GLOBAL

#### Granted Project Roles

PROJECT_GRANT_OWNER

PROJECT_GRANT_OWNER_VIEWER

### Manage ZITADEL Roles

You can grant ZITADEL Roles directly on a resource like organisation or project. Or, if the user is in your organisation, by applying the roles to the user directly:

- [Manage Organisation ZITADEL Roles](administrate#Manage_Organisation_ZITADEL_Roles)
- [Manage Project ZITADEL Roles](administrate#Manage_Organisation_ZITADEL_Roles)
- [Manage User ZITADEL Roles](administrate#Manage_Organisation_ZITADEL_Roles)
docs: screenshots and text improvements (#912) * additional content * even more content 2020-10-28 09:15:05 +00:00			`---`
			`title: ZITADEL Roles`
			`---`

			`### ZITADEL's Roles`

			`ZITADEL's own role model is built around the IAM resources. The roles have some hierarchies to them. For example a IAM_OWNER can view and edit every resource of the system. ORG_OWNERS can only manage their resources included within their organisation. This includes projects, clients, users, and so on.`

			`#### System Roles`

			`IAM_OWNER`

			`IAM_OWNER_VIEWER`

			`#### Organisation Roles`

			`ORG_OWNER`

			`ORG_OWNER_VIEWER`

			`ORG_USER_PERMISSION_EDITOR`

			`ORG_PROJECT_PERMISSION_EDITOR`

			`ORG_PROJECT_CREATOR`

			`#### Owned Project Roles`

			`PROJECT_OWNER`

			`PROJECT_OWNER_VIEWER`

			`PROJECT_OWNER_GLOBAL`

			`PROJECT_OWNER_VIEWER_GLOBAL`

			`#### Granted Project Roles`

			`PROJECT_GRANT_OWNER`

			`PROJECT_GRANT_OWNER_VIEWER`

			`### Manage ZITADEL Roles`

docs: improvement to semantics (#944) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * reviewed documentation * reviewed documentation * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * cleaned up name for management roles * corrected small typo in code * Intro for orgs, spelling, ref to mgmt roles * removed inline comments * Update 00-quick-start.en.md * Update 02-organisations.en.md * Update site/docs/administrate/03-projects.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 03-projects.en.md * Update 04-clients.en.md * Update site/docs/administrate/07-policies.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 09-authorizations.en.md Co-authored-by: Florian Forster <florian@caos.ch> 2020-12-01 15:56:33 +00:00			`You can grant ZITADEL Roles directly on a resource like organisation or project. Or, if the user is in your organisation, by applying the roles to the user directly:`
docs: screenshots and text improvements (#912) * additional content * even more content 2020-10-28 09:15:05 +00:00
			`- [Manage Organisation ZITADEL Roles](administrate#Manage_Organisation_ZITADEL_Roles)`
			`- [Manage Project ZITADEL Roles](administrate#Manage_Organisation_ZITADEL_Roles)`
			`- [Manage User ZITADEL Roles](administrate#Manage_Organisation_ZITADEL_Roles)`