# Pre-defined roles Snyk provides a set of standard user roles that can be assigned and managed using the Snyk Web UI or the [Snyk API](https://docs.snyk.io/snyk-platform-administration/user-management-with-the-api). The permission sets for pre-defined roles cannot be customized. Instead, Snyk recommends creating a custom role under Manage role in the Snyk Web UI. The pre-defined roles Snyk provides are as follows: * **Organization Admin:** the standard role equivalent for Team Leads. Users with this role can add and delete Projects, override Snyk checks, and provision Group members with an Organization-level role. This role and the associated permissions supersede Group Member role restrictions. * **Organization Collaborator:** the standard role equivalent for Developers. This role is ideal for small teams or a developer-first organizational approach. * **Group Admin:** the standard role equivalent for the person in your company who oversees Snyk use at a high level, providing a full set of permissions at the Group and Organization level. This also means that a Group Admin is automatically an Organization Admin to all Organizations that sit under the Group, although they will not be visible in an Organization level list. * **Group Viewer:** a user who can access the Group level but requires Organization-level permissions to take actions in Snyk. This is normally used as a starting point during onboarding with Snyk to understand functions tied to Group permissions and design a custom Group role for post-deployment use. * **Group Member:** a non-functional user role added to your environment as a transition from Group Viewer if you do not yet wish to create a custom role after onboarding with Snyk. This means the permissions granted can vary depending on your requirements, as discussed with your Snyk contacts. Select the named role from the list under Manage Members in the Snyk Web UI to check the permissions assigned to your Group Member role. * **Tenant Admin**: a user who can access all Tenant products and settings. This role is reserved for account owners and admins only. * **Tenant Viewer**: a user who can see the list of all users of a Tenant, as well as all the Groups and Organizations set up for a Tenant. * **Tenant Member:** the default role of all users of a Tenant, but with no access to any Tenant level option. ## Role types Roles can be managed at the Organization, Group, and Tenant level. Tenant-level roles do not provide entitlement to Group and Organization level roles. Group-level roles contain permissions at both the Organization and the Group levels. Any Organization permissions added to a Group role will be granted to all Organizations in the Group. For example, the pre-defined Group role **Group Viewer** grants users a selection of view permissions on the Group, and also a selection of Organization-level viewer permissions to grant users who have that role read-only access to all Organizations in the Group. Organization roles contain only permissions at the Organization level. Organization roles are useful for granting specific permissions for a selection of organizations. You can use a combination of Organization and Group-level roles to grant specific access across your all roles. For example, if you want a user to have **Organization Admin** access to a particular Organization, but have read-only access to the rest of the Organizations in the Group, you can grant that user the **Group Viewer** role at the Group level and the **Organization Admin** role for the Organization you choose. ## Organization-level permissions This table details the Organization-level permissions that apply to each pre-defined role.
Org AdminOrg CollaboratorGroup AdminGroup ViewerGroup Member
View Organization✔️✔️✔️✔️
Edit Organization✔️✔️
Remove Organization✔️✔️
View Audit Logs✔️✔️✔️
View Billing✔️✔️
Edit Billing✔️✔️
View Collections✔️✔️✔️✔️
Edit Collections✔️✔️
Create Collections✔️✔️
Delete Collections✔️✔️
View Container Image✔️✔️
View Entitlements✔️✔️✔️✔️
View Integrations✔️✔️✔️✔️
Edit Integrations✔️✔️
Publish Kubernetes Resources✔️✔️
Test Packages✔️✔️✔️
View Project✔️✔️✔️✔️
Add Project✔️✔️✔️
Edit Project✔️✔️✔️
Edit Project Status✔️✔️✔️
Test Project✔️✔️✔️
Move Project✔️✔️
Remove Project✔️✔️✔️
View Project History✔️✔️✔️✔️
Edit Project Integrations✔️✔️
Edit Project Attributes✔️✔️
View Jira Issues✔️✔️✔️✔️
Create Jira Issues✔️✔️✔️
Edit Project Tags✔️✔️✔️
View Ignores✔️✔️✔️✔️
Create Ignores✔️✔️✔️
Edit Ignores✔️✔️✔️
Remove Ignores✔️✔️✔️
Create pull requests✔️✔️✔️
Mark pull request checks as successful✔️✔️
View Organization reports✔️✔️✔️✔️
Edit Organization reports✔️✔️
View service accounts✔️✔️✔️
Create service accounts✔️✔️
Edit service accounts✔️✔️
Remove service accounts✔️✔️
View Apps✔️✔️
Install Apps✔️✔️
Create Apps✔️✔️
Edit Apps✔️✔️
Delete Apps✔️✔️
View environments✔️✔️✔️✔️
Create environments✔️✔️
Delete environments✔️✔️
Update environments✔️✔️
View scans✔️✔️✔️✔️
Create scans✔️✔️✔️
View resources✔️✔️✔️✔️
View artifacts✔️✔️✔️✔️
Create artifacts✔️✔️✔️
View Custom Rules✔️✔️✔️✔️
Create Custom Rules✔️✔️✔️
Edit Custom Rules✔️✔️✔️
Delete Custom Rules✔️✔️✔️
View Snyk Preview features✔️✔️✔️
Edit Snyk Preview features✔️✔️
View Users✔️✔️✔️✔️
Invite Users✔️✔️
Manage Users✔️✔️
Add Users✔️✔️
Provision Users✔️✔️
User Leave✔️✔️✔️
User Remove✔️✔️
View Outbound Webhooks✔️✔️
Create Outbound Webhooks✔️✔️
Remove Outbound Webhooks✔️✔️
View Organization assignments✔️✔️
Create assignments✔️✔️
Delete assignments✔️✔️
Edit assignments✔️✔️
Snyk Learn Management✔️✔️
## Group-level permissions This table details the Group-level permissions that apply to each pre-defined role.
Org AdminOrg CollaboratorGroup AdminGroup ViewerGroup Member
View Groups✔️✔️✔️
Edit Group details✔️
View Group settings✔️
Edit Group settings✔️
View Group notification settings✔️
Edit Group notification settings✔️
View Organizations✔️✔️✔️
Add Organizations✔️
Remove Organizations✔️
View Snyk Essentials✔️✔️
Edit Snyk Essentials✔️
View audit logs✔️
View IaC settings✔️
Edit IaC settings✔️
View Issues✔️✔️
View reports✔️✔️
Edit reports✔️
View request access settings✔️
Edit request access settings✔️
Read Roles✔️
Create Roles✔️
Edit Roles✔️
Remove Roles✔️
View policies✔️✔️
Create policies✔️
Edit policies✔️
Delete policies✔️
View service accounts✔️
Create service accounts✔️
Edit service accounts✔️
Remove service accounts✔️
View Apps✔️
Install Apps✔️
Edit Apps✔️
View Snyk Preview features✔️
Edit Snyk Preview features✔️
View SSO settings✔️
Edit SSO settings✔️
View Tags✔️✔️✔️
View users✔️✔️✔️
Add users to Group✔️
Provision users✔️
Edit users in Group✔️
Remove users✔️
Delete users✔️
Assign and Unassign Roles✔️
## Tenant-level permissions Tenant permissions are set and managed on the Tenant **Members** page.\ The available Tenant roles are: **Tenant Admin**, **Tenant Viewer**, and **Tenant Member**. For more information, see [Manage users in a Tenant](https://docs.snyk.io/snyk-platform-administration/groups-and-organizations/tenant/manage-users-in-a-tenant). This table details the Tenant-level permissions that apply to each pre-defined role: | | Tenant Admin | Tenant Viewer | Tenant Member | | ----------------------------- | -------------------- | -------------------- | -------------------- | | View Tenant | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | | Edit Tenant | :heavy\_check\_mark: | | | | List Group | :heavy\_check\_mark: | :heavy\_check\_mark: | | | View Membership | :heavy\_check\_mark: | :heavy\_check\_mark: | | | Edit Membership | :heavy\_check\_mark: | | | | Edit Owner | :heavy\_check\_mark: | | | | Create SSO | :heavy\_check\_mark: | | | | Edit SSO | :heavy\_check\_mark: | | | | View SSO | :heavy\_check\_mark: | :heavy\_check\_mark: | | | Delete SSO | :heavy\_check\_mark: | | | | View User | :heavy\_check\_mark: | :heavy\_check\_mark: | | | View Report | :heavy\_check\_mark: | :heavy\_check\_mark: | | | View Billing | :heavy\_check\_mark: | :heavy\_check\_mark: | | | Raise Support Community Cases | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | | View Support Community Cases | :heavy\_check\_mark: | | | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.snyk.io/snyk-platform-administration/user-roles/pre-defined-roles.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.