# Role-Based Access & Tenant Controls

Fibr gives you control over who can access your workspace and what they can do. This page explains how roles work and how to manage your team securely.

***

#### Understanding Roles

Fibr currently offers two permission levels:

<table><thead><tr><th width="121.34765625">Role</th><th width="312.203125">What They Can Do</th><th>What They Can't Do</th></tr></thead><tbody><tr><td><strong>Admin</strong></td><td>Everything. Full access to all features, settings, and data.</td><td>No restrictions.</td></tr><tr><td><strong>Member</strong></td><td>Create and manage experiments, personalization campaigns, and view analytics.</td><td>Cannot invite/remove team members, access billing, or modify integrations.</td></tr></tbody></table>

**Who gets which role?**

* The first person to create a workspace automatically becomes an Admin
* Admins choose the role when inviting new teammates
* You can change someone's role at any time from Settings → Team

***

#### Best Practices for Access Management

* **Limit Admin access:** Only give Admin access to people who genuinely need it: team leads, managers, or whoever handles billing and integrations. Most day-to-day users only need Member access.
* **Review access regularly:** Check your team list quarterly. Remove anyone who's left the company or no longer needs access. Stale accounts are a security risk.
* **Remove access promptly when someone leaves:** When a team member leaves your organization, remove their Fibr access immediately. Go to Settings → Team, find their name, and click Remove.
* **Use SSO for centralized control (Enterprise):** If you're on an Enterprise plan, enable SSO. This lets you manage Fibr access through your identity provider, so access is automatically revoked when someone leaves your organization.

***

#### Workspace Isolation

Each Fibr workspace is completely isolated:

* Team members can only see data from their own workspace
* Experiments and campaigns don't cross workspaces
* Integrations are workspace-specific

If you manage multiple brands or clients, create separate workspaces for each one. This keeps data separate and lets you control access independently.

**To create a new workspace:** Contact <support@fibr.ai>. We'll help you set up additional workspaces based on your plan.

***

#### Coming Soon

We're building more granular permissions for enterprise teams:

* **View-only access** for stakeholders who need to see results but not edit campaigns
* **Project-level permissions** to restrict access to specific experiments or campaigns
* **Custom roles** to define exactly what each team member can do

Want early access or have specific requirements? Let us know at <support@fibr.ai>.