# Roles & permissions (RBAC)

> Understand Organization and Project role-based access control (RBAC) including Admin and Member roles and what each can do across the Together platform

Together uses role-based access control (RBAC) at both the [Organization](/docs/organizations) and [Project](/docs/projects) level. Every Member of an Organization is assigned a role, and every Collaborator of a Project is assigned a role. There are two roles: **Admin** and **Member**.

<Note>
  Roles and permissions are being progressively rolled out across Together's products and services. This page will be updated as more granular controls become available.
</Note>

## Organization Roles

| Role       | Scope           | Description                                                                                   |
| ---------- | --------------- | --------------------------------------------------------------------------------------------- |
| **Admin**  | Org-wide        | Full access to all Organization settings, billing, Members, and Projects.                     |
| **Member** | Org (read-only) | Can see Organization-level info and the Projects list. Joins Projects as a Member by default. |

<Info>
  The creator ("Owner") of an Organization is a special Admin. They cannot be removed from the Organization, their role cannot be changed from Admin, and they cannot delete their own account.
</Info>

### Organization Permissions

| Scope                        | Admin | Member |
| ---------------------------- | ----- | ------ |
| Organization settings: Read  | Yes   | Yes    |
| Organization settings: Write | Yes   | No     |
| Billing: Read                | Yes   | Yes    |
| Billing: Write               | Yes   | No     |
| Projects: Read               | Yes   | Yes    |
| Projects: Create             | Yes   | No     |
| Members: Read                | Yes   | Yes    |
| Members: Invite              | Yes   | No     |
| Members: Remove              | Yes   | No     |
| Members: Manage roles        | Yes   | No     |

## Project Roles

| Role       | Description                                                                                                                                                                                         |
| ---------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Admin**  | Can access and update Project settings. Organization Admins are granted Project Admin in any Project they join. Organization Members can be promoted to Project Admin by an existing Project Admin. |
| **Member** | Can use the Project's resources but cannot access or update Project settings. Organization Members are added to Projects as Project Members by default.                                             |

### Project Permissions

| Scope                       | Admin | Member |
| --------------------------- | ----- | ------ |
| Project settings: Read      | Yes   | Yes    |
| Project settings: Write     | Yes   | No     |
| Project cost analytics      | Yes   | Yes    |
| API keys: Read              | Yes   | Yes    |
| API keys: Create            | Yes   | Yes    |
| API keys: Revoke            | Yes   | Yes    |
| Collaborators: Read         | Yes   | Yes    |
| Collaborators: Add          | Yes   | No     |
| Collaborators: Remove       | Yes   | No     |
| Collaborators: Manage roles | Yes   | No     |

## External Collaborators (Beta)

<Info>
  This feature is in beta. [Contact support](https://portal.usepylon.com/together-ai/forms/support-request) to enable it.
</Info>

An External Collaborator is someone who participates in a Project without being a Member of the Project's parent Organization. They can be assigned any role within the Project but have no Organization-level permissions beyond seeing the Organization's name.

What External Collaborators can do:

* Access any Project they have been explicitly added to, with full access based on their Project role
* View their own profile settings

What they cannot do:

* Access billing settings
* View the Organization Members list
* See Organization-level settings

## Product-Specific Permissions

### GPU Clusters (Control Plane)

The control plane covers infrastructure operations: creating, modifying, and deleting clusters and volumes.

| Action                          | Admin | Member |
| ------------------------------- | ----- | ------ |
| Create clusters                 | Yes   | No     |
| Delete clusters                 | Yes   | No     |
| Scale clusters                  | Yes   | No     |
| Modify cluster configurations   | Yes   | No     |
| Create and resize volumes       | Yes   | No     |
| View cluster status and details | Yes   | Yes    |
| View volume details             | Yes   | Yes    |

### GPU Clusters (Data Plane)

The data plane covers using clusters for actual work: running jobs, accessing nodes, executing workloads.

| Action                             | Admin | Member |
| ---------------------------------- | ----- | ------ |
| SSH into cluster nodes             | Yes   | Yes    |
| Run Kubernetes workloads (kubectl) | Yes   | Yes    |
| Access Kubernetes Dashboard        | Yes   | Yes    |
| Submit Slurm jobs                  | Yes   | Yes    |
| Read and write to volumes          | Yes   | Yes    |

<Info>
  **Control plane vs data plane:** Think of the control plane as "managing the infrastructure" and the data plane as "using the infrastructure." Members have full access to use clusters for their work. They just cannot create, delete, or resize them.
</Info>

### Fine-Tuning, Endpoints, Serverless Inference & Other Products

Role-based access control for Fine-Tuning, Endpoints, Serverless Inference, and other Together products is still being rolled out. Today, all Project Collaborators (both Admin and Member) have full access to these services.
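The tables above can be joined into a per-person access review for one Project. The following is an added example, not Together code or a Together API: the roster shape, field names, and action names are assumptions made for illustration, and it assumes an Organization Admin always acts as Project Admin.

```python
# Added example: access review over a constructed Project roster.
# Action names and roster fields are illustrative, not Together identifiers.

# Held by Project Admins only (Project Permissions + GPU control-plane tables).
ADMIN_ONLY = {
    "project_settings:write", "collaborators:add", "collaborators:remove",
    "collaborators:manage_roles", "clusters:create", "clusters:delete",
    "clusters:scale", "clusters:modify_config", "volumes:create_resize",
}
# Held by every Collaborator, Admin or Member: API keys, GPU data plane,
# and the products where RBAC is not yet rolled out.
ANY_COLLABORATOR = {
    "api_keys:create", "api_keys:revoke", "clusters:ssh", "clusters:kubectl",
    "volumes:read_write", "fine_tuning:full", "endpoints:full",
    "serverless_inference:full",
}

def effective_role(c):
    # Org Admins are granted Project Admin in any Project they join.
    # Assumption: that grant is not reduced afterwards.
    return "admin" if c["org_role"] == "admin" else c["project_role"]

def can(c, action):
    if action in ANY_COLLABORATOR:
        return True
    if action in ADMIN_ONLY:
        return effective_role(c) == "admin"
    raise KeyError(f"unknown action {action!r}")  # fail closed on typos

def holders(roster, action):
    return sorted(c["user"] for c in roster if can(c, action))

def review(roster):
    findings = []
    for c in roster:
        external = c["org_role"] is None  # External Collaborator: no org role
        if external and effective_role(c) == "admin":
            findings.append((c["user"], "external: can add, remove and re-role collaborators"))
        if external:
            findings.append((c["user"], "external: data-plane and API-key access"))
    return findings

# Constructed roster for one Project.
ROSTER = [
    {"user": "ana", "org_role": "admin",  "project_role": "admin"},
    {"user": "ben", "org_role": "member", "project_role": "member"},
    {"user": "cho", "org_role": "member", "project_role": "admin"},
    {"user": "dev", "org_role": None,     "project_role": "member"},
    {"user": "eve", "org_role": None,     "project_role": "admin"},
]
```

On this roster, `holders(ROSTER, "clusters:delete")` returns only the three Admins, while `holders(ROSTER, "api_keys:revoke")` returns all five Collaborators, including both external ones.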

## What's Coming

Together is actively rolling out RBAC across more services. Granular permissions for fine-tuning, dedicated endpoints, and serverless inference are coming soon.

<Note>
  Have a specific RBAC requirement? [Let us know](https://portal.usepylon.com/together-ai/forms/support-request). Customer feedback directly shapes our roadmap.
</Note>

## Related

<CardGroup cols={2}>
  <Card title="Projects" icon="folder" href="/docs/projects">
    Create workspaces and manage team access
  </Card>

  <Card title="Together's IAM Model" icon="diagram-project" href="/docs/identity-access-management">
    How users, credentials, and resources are organized
  </Card>
</CardGroup>
