RBAC role types#
Feature availability
- The Project Editor role is available on Pro Cloud and Self-hosted Enterprise plans.
- The Project Viewer role is only available on Self-hosted Enterprise and Cloud Enterprise plans.
Within projects, there are three user roles: Admin, Editor and Viewer. These roles control what the user can do in a project. A user can have different roles within different projects.
Project Admin#
A Project Admin role has the highest level of permissions. As well as managing project settings (name and deletion), project members (inviting, changing roles and removing) admins can also view, create, update and delete any workflows, credentials or executions within a project.
Project Editor#
A Project Editor can view, create, update and delete any workflows, credentials or executions within a project.
Project Viewer#
A Project Viewer is effectively a 'read-only' role with access to all workflows, credentials and executions within a project. Viewers aren't able to manually execute any workflows that exist in a project.
Role types and account types
Role types and account types are different things. Every account has one type. The account can have different role types for different projects.
| Permission | Admin | Editor | Viewer |
|---|---|---|---|
| View workflows in the project |  |
|
|
| View credentials in the project | |
|
|
| View executions | |
|
|
| Edit credentials and workflows | |
|
 |
| Add workflows and credentials | |
|
|
| Execute workflows | |
|
|
| Manage members | |
|
|
| Modify the project | |
|
|
Variables and tags aren't affected by RBAC: they're global across the n8n instance.