Administrators in your organization can create new roles and update existing roles. All changes take effect immediately.

Amplitude recommends the principle of least privilege. When you create or edit a role, grant the minimum permissions a user needs to do their job. Adding "just in case" permissions can create unnecessary security risks. Amplitude's RBAC system is flexible, so you can update roles to add permissions later.

## Create a new role

If you’re an org administrator, navigate to _Org Settings > Role Management_. This page lists existing roles in your organization and includes a description, the type of role, and the user who last modified the role.

1. Click **+New Role**.
2. Provide a Role Name and Description. Amplitude recommends a descriptive role name with a maximum of 30 characters, such as "Analyst" or "Marketing," and a short role description.
3. Click **Create** to continue.

Amplitude organizes permissions by product area and displays only the products and features available to your organization. All new roles inherit permissions from the default `Member` role. For each product area, you can grant Base permissions, Expanded permissions, or Full permissions:

- **Base permissions**: Permissions Amplitude provides by default to non-Admin users.
- **Expanded permissions**: Permissions beyond the default but not full permissions.
- **Full permissions**: All permissions for the product area.

Within each product area, select the individual permissions to grant to the role. After you set the role's permissions, click **Save Changes**.

After you create a role, it’s immediately available to assign to users or groups.

## Edit an existing role

Org administrators can edit and update existing roles with the same flow as creating a new role. Navigate to _Org Settings > Role Management_ to begin.

1. Click the role to edit.
2. Update the permissions on the role.
3. Click **Save**.

When you save the role, the permissions update applies immediately to users with that role assignment. Before you update a role, Amplitude recommends that you audit where your organization uses that role to help minimize disruption.