Get Started
Data
Analytics
Amplitude AI
Session Replay
Guides and Surveys
Experiment
Admin
SDKs APIs
Partners
FAQ
Monthly tracked users (MTUs) billing guide Usage reports: Understand how your organization uses Amplitude
The Settings page Change the unit of currency your project uses Set up SCIM provisioning in Amplitude Portfolio: Conduct cross-project analysis in Amplitude Manage organizations and projects Manage permissions at scale with permission groups Manage user privacy notifications in Amplitude Manage users and permissions User roles and permissions in Amplitude Self-service data deletion in Amplitude Webhooks for custom monitors Manage your API keys and secret keys
Single sign-on (SSO) in Amplitude Set up single sign-on (SSO) for Amplitude using Auth0 Set up single sign-on (SSO) for Amplitude using G Suite Set up single sign-on (SSO) for Amplitude using Microsoft Azure Active Directory Set up single sign-on (SSO) for Amplitude using Okta Set up single sign-on (SSO) for Amplitude using OneLogin Set up single sign-on (SSO) for Amplitude using another service
Admin
/
Account management
/
Manage RBAC Roles

Manage RBAC Roles

Administrators in your organization can create new roles and update existing roles. All changes take effect immediately.

Amplitude recommends you follow the principle of least privilege. This states that when you create or edit a role, grant the minimum necessary permissions that enable a user with that role to do their job. Adding “just in case” permissions can open unnecessary security risks. Amplitude’s RBAC system is flexible, so you can update roles to add permissions later, as needed.

Creating a new role

If you’re an org administrator, navigate to Org Settings > Role Management. This page lists existing roles in your organization and includes a description, the type of role, and the user who last modified the role.

Creating a new role
  1. Click +New Role.
  2. Provide a Role Name and Description. Amplitude recommends using a descriptive role name with a maximum of 30 characters, like “Analyst” or “Marketing,” and a short description of the role.
  3. Click Create to continue.

Amplitude organizes permissions by product area and displays only the products and features available to your organization. All new roles inherit permissions from the default Member role. For each product area, you can grant Base permissions, Expanded permissions, or Full permissions:

  • Base permissions: Permissions Amplitude provides by default to non-Admin users
  • Expanded permissions: Permissions beyond the default but not full permissions
  • Full permissions: All permissions for the product area

Within each product area, select the individual permissions to grant to the role. After you set the role's permissions, click Save Changes.

After you create a role, it’s immediately available to assign to users or groups.

Edit an existing role

Org administrators can edit and update existing roles following the same flow as creating a new role. Navigate to Org Settings > Role Management to begin.

Editing a role
  1. Click the role to edit.
  2. Update the permissions on the role.
  3. Click Save.

Upon saving the role, the permissions update applies immediately to users with that role assignment. Before you update a role, Amplitude recommends that you audit where your organization uses that role to help minimize disruption.

Was this page helpful?

October 28th, 2025

Need help? Contact Support

Visit Amplitude.com

Have a look at the Amplitude Blog

Learn more at Amplitude Academy

Terms of Service Privacy Notice Acceptable Use Policy Legal

© 2025 Amplitude, Inc. All rights reserved. Amplitude is a registered trademark of Amplitude, Inc.