zitadel/site/docs/administrate/09-management-roles.md

---
title: Management roles
---

### ZITADEL's management roles

ZITADEL's own role model is built around the IAM resource. The roles have some hierarchies to them. For example a IAM_OWNER can view and edit every resource of the system. ORG_OWNERS can only manage their resources included within their organization. This includes projects, clients, users, and so on.

#### How to give a user ZITADEL roles


> Screenshots

##### System roles

IAM_OWNER

IAM_OWNER_VIEWER

##### Organisation roles

ORG_OWNER

ORG_OWNER_VIEWER

ORG_USER_PERMISSION_EDITOR

ORG_PROJECT_PERMISSION_EDITOR

ORG_PROJECT_CREATOR

##### Owned Project roles

PROJECT_OWNER

PROJECT_OWNER_VIEWER

PROJECT_OWNER_GLOBAL

PROJECT_OWNER_VIEWER_GLOBAL

##### Granted Project roles

PROJECT_GRANT_OWNER

PROJECT_GRANT_OWNER_VIEWER

##### Project roles management

> Explain Project Authorization
docs(intergration): examples (#939) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <max@mffap.org> 2020-11-06 15:15:54 +01:00			`---`
docs: improvement to semantics (#944) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * reviewed documentation * reviewed documentation * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * cleaned up name for management roles * corrected small typo in code * Intro for orgs, spelling, ref to mgmt roles * removed inline comments * Update 00-quick-start.en.md * Update 02-organisations.en.md * Update site/docs/administrate/03-projects.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 03-projects.en.md * Update 04-clients.en.md * Update site/docs/administrate/07-policies.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 09-authorizations.en.md Co-authored-by: Florian Forster <florian@caos.ch> 2020-12-01 16:56:33 +01:00			`title: Management roles`
docs(intergration): examples (#939) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <max@mffap.org> 2020-11-06 15:15:54 +01:00			`---`

docs: improvement to semantics (#944) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * reviewed documentation * reviewed documentation * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * cleaned up name for management roles * corrected small typo in code * Intro for orgs, spelling, ref to mgmt roles * removed inline comments * Update 00-quick-start.en.md * Update 02-organisations.en.md * Update site/docs/administrate/03-projects.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 03-projects.en.md * Update 04-clients.en.md * Update site/docs/administrate/07-policies.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 09-authorizations.en.md Co-authored-by: Florian Forster <florian@caos.ch> 2020-12-01 16:56:33 +01:00			`### ZITADEL's management roles`
docs(intergration): examples (#939) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <max@mffap.org> 2020-11-06 15:15:54 +01:00
docs: improvement to semantics (#944) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * reviewed documentation * reviewed documentation * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * cleaned up name for management roles * corrected small typo in code * Intro for orgs, spelling, ref to mgmt roles * removed inline comments * Update 00-quick-start.en.md * Update 02-organisations.en.md * Update site/docs/administrate/03-projects.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 03-projects.en.md * Update 04-clients.en.md * Update site/docs/administrate/07-policies.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 09-authorizations.en.md Co-authored-by: Florian Forster <florian@caos.ch> 2020-12-01 16:56:33 +01:00			`ZITADEL's own role model is built around the IAM resource. The roles have some hierarchies to them. For example a IAM_OWNER can view and edit every resource of the system. ORG_OWNERS can only manage their resources included within their organization. This includes projects, clients, users, and so on.`
docs(intergration): examples (#939) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <max@mffap.org> 2020-11-06 15:15:54 +01:00
docs: improvement to semantics (#944) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * reviewed documentation * reviewed documentation * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * cleaned up name for management roles * corrected small typo in code * Intro for orgs, spelling, ref to mgmt roles * removed inline comments * Update 00-quick-start.en.md * Update 02-organisations.en.md * Update site/docs/administrate/03-projects.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 03-projects.en.md * Update 04-clients.en.md * Update site/docs/administrate/07-policies.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 09-authorizations.en.md Co-authored-by: Florian Forster <florian@caos.ch> 2020-12-01 16:56:33 +01:00			`#### How to give a user ZITADEL roles`
docs(intergration): examples (#939) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <max@mffap.org> 2020-11-06 15:15:54 +01:00

			`> Screenshots`

docs: improvement to semantics (#944) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * reviewed documentation * reviewed documentation * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * cleaned up name for management roles * corrected small typo in code * Intro for orgs, spelling, ref to mgmt roles * removed inline comments * Update 00-quick-start.en.md * Update 02-organisations.en.md * Update site/docs/administrate/03-projects.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 03-projects.en.md * Update 04-clients.en.md * Update site/docs/administrate/07-policies.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 09-authorizations.en.md Co-authored-by: Florian Forster <florian@caos.ch> 2020-12-01 16:56:33 +01:00			`##### System roles`
docs(intergration): examples (#939) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <max@mffap.org> 2020-11-06 15:15:54 +01:00
			`IAM_OWNER`

			`IAM_OWNER_VIEWER`

docs: improvement to semantics (#944) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * reviewed documentation * reviewed documentation * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * cleaned up name for management roles * corrected small typo in code * Intro for orgs, spelling, ref to mgmt roles * removed inline comments * Update 00-quick-start.en.md * Update 02-organisations.en.md * Update site/docs/administrate/03-projects.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 03-projects.en.md * Update 04-clients.en.md * Update site/docs/administrate/07-policies.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 09-authorizations.en.md Co-authored-by: Florian Forster <florian@caos.ch> 2020-12-01 16:56:33 +01:00			`##### Organisation roles`
docs(intergration): examples (#939) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <max@mffap.org> 2020-11-06 15:15:54 +01:00
			`ORG_OWNER`

			`ORG_OWNER_VIEWER`

			`ORG_USER_PERMISSION_EDITOR`

			`ORG_PROJECT_PERMISSION_EDITOR`

			`ORG_PROJECT_CREATOR`

docs: improvement to semantics (#944) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * reviewed documentation * reviewed documentation * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * cleaned up name for management roles * corrected small typo in code * Intro for orgs, spelling, ref to mgmt roles * removed inline comments * Update 00-quick-start.en.md * Update 02-organisations.en.md * Update site/docs/administrate/03-projects.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 03-projects.en.md * Update 04-clients.en.md * Update site/docs/administrate/07-policies.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 09-authorizations.en.md Co-authored-by: Florian Forster <florian@caos.ch> 2020-12-01 16:56:33 +01:00			`##### Owned Project roles`
docs(intergration): examples (#939) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <max@mffap.org> 2020-11-06 15:15:54 +01:00
			`PROJECT_OWNER`

			`PROJECT_OWNER_VIEWER`

			`PROJECT_OWNER_GLOBAL`

			`PROJECT_OWNER_VIEWER_GLOBAL`

docs: improvement to semantics (#944) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * reviewed documentation * reviewed documentation * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * cleaned up name for management roles * corrected small typo in code * Intro for orgs, spelling, ref to mgmt roles * removed inline comments * Update 00-quick-start.en.md * Update 02-organisations.en.md * Update site/docs/administrate/03-projects.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 03-projects.en.md * Update 04-clients.en.md * Update site/docs/administrate/07-policies.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 09-authorizations.en.md Co-authored-by: Florian Forster <florian@caos.ch> 2020-12-01 16:56:33 +01:00			`##### Granted Project roles`
docs(intergration): examples (#939) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <max@mffap.org> 2020-11-06 15:15:54 +01:00
			`PROJECT_GRANT_OWNER`

			`PROJECT_GRANT_OWNER_VIEWER`

docs: improvement to semantics (#944) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * reviewed documentation * reviewed documentation * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * cleaned up name for management roles * corrected small typo in code * Intro for orgs, spelling, ref to mgmt roles * removed inline comments * Update 00-quick-start.en.md * Update 02-organisations.en.md * Update site/docs/administrate/03-projects.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 03-projects.en.md * Update 04-clients.en.md * Update site/docs/administrate/07-policies.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 09-authorizations.en.md Co-authored-by: Florian Forster <florian@caos.ch> 2020-12-01 16:56:33 +01:00			`##### Project roles management`
docs(intergration): examples (#939) * rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <max@mffap.org> 2020-11-06 15:15:54 +01:00
			`> Explain Project Authorization`