> ## Documentation Index
> Fetch the complete documentation index at: https://docs.reducto.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Roles & Permissions

> Organization roles in Reducto Studio and what each role can do

Reducto Studio uses three roles to control what members of your organization can do. Roles are assigned per-organization, so a user can have different roles in different orgs.

## Roles

| Role       | Description                                                                              |
| ---------- | ---------------------------------------------------------------------------------------- |
| **Owner**  | Full control over the organization, including destructive actions like deleting the org. |
| **Admin**  | Day-to-day management of members, API keys, and billing. Cannot delete the organization. |
| **Member** | Can use Studio and the API but cannot manage org settings.                               |

Roles are hierarchical: Owners can do everything Admins can, and Admins can do everything Members can.

***

## API Keys

API key management has two distinct permission levels:

| Action                     | Owner | Admin | Member |
| -------------------------- | :---: | :---: | :----: |
| **Create** API keys        |  Yes  |  Yes  |   Yes  |
| **View** API keys          |  Yes  |  Yes  |   Yes  |
| **Edit** (rename) API keys |  Yes  |  Yes  |   No   |
| **Delete** API keys        |  Yes  |  Yes  |   No   |

<Note>
  API keys are scoped to the organization, not to the individual who created them. Any valid key authenticates requests on behalf of the entire org.
</Note>

***

## Full Permissions Matrix

| Capability                                | Owner | Admin | Member |
| ----------------------------------------- | :---: | :---: | :----: |
| Use Studio (pipelines, processors, files) |  Yes  |  Yes  |   Yes  |
| Call the API with an org key              |  Yes  |  Yes  |   Yes  |
| View usage and request logs               |  Yes  |  Yes  |   Yes  |
| Create API keys                           |  Yes  |  Yes  |   Yes  |
| Edit/delete API keys                      |  Yes  |  Yes  |   No   |
| Manage billing and payment methods        |  Yes  |  Yes  |   No   |
| Invite members                            |  Yes  |  Yes  |   No   |
| Remove members                            |  Yes  |  Yes  |   No   |
| Change member roles                       |  Yes  |  Yes  |   No   |
| Delete the organization                   |  Yes  |   No  |   No   |

***

## Managing Roles

To change a member's role:

1. Navigate to **Settings** in the sidebar
2. Find the member in the users list
3. Use the role dropdown to select a new role

You can only change roles for members at or below your own privilege level. For example, an Admin cannot change another Admin's role to Member, but an Owner can.

***

## Related

<CardGroup cols={2}>
  <Card title="Account & Settings" href="/studio-account">
    API key management, usage, and billing overview.
  </Card>

  <Card title="Security Policies" href="/security/policies">
    Data handling, retention, and compliance.
  </Card>
</CardGroup>
