> For the complete documentation index, see [llms.txt](https://support.fibr.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://support.fibr.ai/get-started-with-fibr-ai/compliance-and-permissions/role-based-access-and-tenant-controls.md). # Role-Based Access & Tenant Controls Fibr gives you control over who can access your workspace and what they can do. This page explains how roles work and how to manage your team securely. *** #### Understanding Roles Fibr currently offers two permission levels:
RoleWhat They Can DoWhat They Can't Do
AdminEverything. Full access to all features, settings, and data.No restrictions.
MemberCreate and manage experiments, personalization campaigns, and view analytics.Cannot invite/remove team members, access billing, or modify integrations.
**Who gets which role?** * The first person to create a workspace automatically becomes an Admin * Admins choose the role when inviting new teammates * You can change someone's role at any time from Settings → Team *** #### Best Practices for Access Management * **Limit Admin access:** Only give Admin access to people who genuinely need it: team leads, managers, or whoever handles billing and integrations. Most day-to-day users only need Member access. * **Review access regularly:** Check your team list quarterly. Remove anyone who's left the company or no longer needs access. Stale accounts are a security risk. * **Remove access promptly when someone leaves:** When a team member leaves your organization, remove their Fibr access immediately. Go to Settings → Team, find their name, and click Remove. * **Use SSO for centralized control (Enterprise):** If you're on an Enterprise plan, enable SSO. This lets you manage Fibr access through your identity provider, so access is automatically revoked when someone leaves your organization. *** #### Workspace Isolation Each Fibr workspace is completely isolated: * Team members can only see data from their own workspace * Experiments and campaigns don't cross workspaces * Integrations are workspace-specific If you manage multiple brands or clients, create separate workspaces for each one. This keeps data separate and lets you control access independently. **To create a new workspace:** Contact . We'll help you set up additional workspaces based on your plan. *** #### Coming Soon We're building more granular permissions for enterprise teams: * **View-only access** for stakeholders who need to see results but not edit campaigns * **Project-level permissions** to restrict access to specific experiments or campaigns * **Custom roles** to define exactly what each team member can do Want early access or have specific requirements? Let us know at . --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://support.fibr.ai/get-started-with-fibr-ai/compliance-and-permissions/role-based-access-and-tenant-controls.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.