> For the complete documentation index, see [llms.txt](https://docs.bindplane.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.bindplane.com/feature-guides/security-and-governance/role-based-access-control-rbac.md). # Role-Based Access Control (RBAC) ### Overview This document outlines Bindplane Role-Based Access Control (RBAC). Bindplane is structured by Organization and Project, with one organization capable of containing one or multiple projects. ### Prerequisites Before configuring RBAC, ensure the following prerequisites are met. #### License A Google or Enterprise license is required for using RBAC. #### Authentication Mode Bindplane must be configured to use LDAP, Active Directory, or another multi-user authentication mode. The default System authentication mode does not support multiple users. Bindplane Cloud supports multi-user by default and does not require additional configuration. ### RBAC Roles #### Organization Roles Organizations have two RBAC roles: **Organization Admin** * Full control over the organization. * Can create new projects. **Organization User** * View organization details. #### Project Roles Projects have three RBAC roles: **Project Admin** * Full control over the project. * Can add and remove users within the project. * Can modify configurations and trigger rollouts. **Project User** * Install and assign collectors to configurations. * Can modify configurations within the project. * Cannot trigger rollouts. * Cannot invite or manage other users within the project. **Project Viewer** * Read-only access to the project. ### Role Assignment Users can be invited to a project by using the Invite Users button on the Project page. When\ users are added to a Project, they are implicitly added to the organization. Users can be invited by email or with an invite link. In both cases, a role must be selected. An Admin can modify a user's role by navigating to the Users tab on the Project page. From there, the user can be selected and their role can be modified. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.bindplane.com/feature-guides/security-and-governance/role-based-access-control-rbac.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.