# Manage RBAC roles

Create and update RBAC roles for Amplitude organization permissions.

Source: https://amplitude.com/docs/admin/account-management/manage-rbac-roles

---

On this page

- [Create a new role](#create-a-new-role)
- [Edit an existing role](#edit-an-existing-role)

# Manage RBAC roles

Administrators in your organization can create new roles and update existing roles. All changes take effect immediately.

Amplitude recommends the principle of least privilege. When you create or edit a role, grant the minimum permissions a user needs to do their job. Adding "just in case" permissions can create unnecessary security risks. Amplitude's RBAC system is flexible, so you can update roles to add permissions later.

## Create a new role

If you’re an org administrator, navigate to *Org Settings > Role Management*. This page lists existing roles in your organization and includes a description, the type of role, and the user who last modified the role.

1. Click **+New Role**.
2. Provide a Role Name and Description. Amplitude recommends a descriptive role name with a maximum of 30 characters, such as "Analyst" or "Marketing," and a short role description.
3. Click **Create** to continue.

Amplitude organizes permissions by product area and displays only the products and features available to your organization. All new roles inherit permissions from the default `Member` role. For each product area, you can grant Base permissions, Expanded permissions, or Full permissions:

- **Base permissions**: Permissions Amplitude provides by default to non-Admin users.
- **Expanded permissions**: Permissions beyond the default but not full permissions.
- **Full permissions**: All permissions for the product area.

Within each product area, select the individual permissions to grant to the role. After you set the role's permissions, click **Save Changes**.

After you create a role, it’s immediately available to assign to users or groups.

## Edit an existing role

Org administrators can edit and update existing roles with the same flow as creating a new role. Navigate to *Org Settings > Role Management* to begin.

1. Click the role to edit.
2. Update the permissions on the role.
3. Click **Save**.

When you save the role, the permissions update applies immediately to users with that role assignment. Before you update a role, Amplitude recommends that you audit where your organization uses that role to help minimize disruption.

Was this helpful?

<!--$-->

<!--/$-->