Roles and permissions are being progressively rolled out across Together’s products and services. This page will be updated as more granular controls become available.
Organization Roles
| Role | Scope | Description |
|---|---|---|
| Admin | Org-wide | Full access to all Organization settings, billing, Members, and Projects. |
| Member | Org (read-only) | Can see Organization-level info and the Projects list. Joins Projects as a Member by default. |
The creator (“Owner”) of an Organization is a special Admin. They cannot be removed from the Organization, their role cannot be changed from Admin, and they cannot delete their own account.
Organization Permissions
| Scope | Admin | Member |
|---|---|---|
| Organization settings: Read | Yes | Yes |
| Organization settings: Write | Yes | No |
| Billing: Read | Yes | Yes |
| Billing: Write | Yes | No |
| Projects: Read | Yes | Yes |
| Projects: Create | Yes | No |
| Members: Read | Yes | Yes |
| Members: Invite | Yes | No |
| Members: Remove | Yes | No |
| Members: Manage roles | Yes | No |
Project Roles
| Role | Description |
|---|---|
| Admin | Can access and update Project settings. Organization Admins are granted Project Admin in any Project they join. Organization Members can be promoted to Project Admin by an existing Project Admin. |
| Member | Can use the Project’s resources but cannot access or update Project settings. Organization Members are added to Projects as Project Members by default. |
Project Permissions
| Scope | Admin | Member |
|---|---|---|
| Project settings: Read | Yes | Yes |
| Project settings: Write | Yes | No |
| Project cost analytics | Yes | Yes |
| API keys: Read | Yes | Yes |
| API keys: Create | Yes | Yes |
| API keys: Revoke | Yes | Yes |
| Collaborators: Read | Yes | Yes |
| Collaborators: Add | Yes | No |
| Collaborators: Remove | Yes | No |
| Collaborators: Manage roles | Yes | No |
External Collaborators
An External Collaborator is someone who participates in a Project without being a Member of the Project’s parent Organization. They can be assigned any role within the Project but have no Organization-level permissions beyond seeing the Organization’s name. What External Collaborators can do:- Full access to any Project they have been explicitly added to (based on their Project role)
- View their own profile settings
- Access billing settings
- View the Organization Members list
- See Organization-level settings
Product-Specific Permissions
GPU Clusters (Control Plane)
The control plane covers infrastructure operations: creating, modifying, and deleting clusters and volumes.| Action | Admin | Member |
|---|---|---|
| Create clusters | Yes | No |
| Delete clusters | Yes | No |
| Scale clusters | Yes | No |
| Modify cluster configurations | Yes | No |
| Create and resize volumes | Yes | No |
| View cluster status and details | Yes | Yes |
| View volume details | Yes | Yes |
GPU Clusters (Data Plane)
The data plane covers using clusters for actual work: running jobs, accessing nodes, executing workloads.| Action | Admin | Member |
|---|---|---|
| SSH into cluster nodes | Yes | Yes |
| Run Kubernetes workloads (kubectl) | Yes | Yes |
| Access Kubernetes Dashboard | Yes | Yes |
| Submit Slurm jobs | Yes | Yes |
| Read and write to volumes | Yes | Yes |
Control plane vs data plane: Think of the control plane as “managing the infrastructure” and the data plane as “using the infrastructure.” Members have full access to use clusters for their work. They just cannot create, delete, or resize them.
Fine-Tuning, Endpoints, Serverless Inference & Other Products
Role-based access control for Fine-Tuning, Endpoints, Serverless Inference, and other Together products is still being rolled out. Today, all Project Collaborators (both Admin and Member) have full access to these services.What’s Coming
Together is actively rolling out RBAC across more services. Granular permissions for fine-tuning, dedicated endpoints, and serverless inference are coming soon.Have a specific RBAC requirement? Let us know — customer feedback directly shapes our roadmap.
Related
Projects
Create workspaces and manage team access
Together's IAM Model
How users, credentials, and resources are organized