> ## Documentation Index
> Fetch the complete documentation index at: https://docs.uselayers.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Manage roles and permissions

> Control what each teammate can do in your Layers store with built-in roles, custom roles, a grouped permission picker, and resource-scoped permissions.

The **Roles & Permissions** page lets you control exactly what each teammate can do in your store. Open it from **Settings > Roles & Permissions**, under **Access & Security**. From here you can review the built-in roles, build your own custom roles, and fine-tune access down to individual permissions.

Managing roles requires the **Invite members, assign roles, manage custom roles** permission, which is granted to the Owner and Admin roles.

## Built-in roles

Every store comes with a set of built-in roles. You can assign these roles when [inviting a teammate](/help/configuration/manage-team-members) or from a member's access page.

| Role             | What it grants                                                                                                                                                   |
| ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Owner**        | Full access to everything, including transferring ownership. There is exactly one Owner per store, and the role is assigned only through **Transfer Ownership**. |
| **Admin**        | Full access to manage the store, members, and configuration. This role is locked — it can't be edited or deleted.                                                |
| **Merchandiser** | Manage all merchandising and search tuning (view and edit). View the catalog and analytics.                                                                      |
| **Developer**    | Configure the store, manage API keys and webhooks, stream live search logs, and run operations. View the catalog.                                                |
| **Analyst**      | Read-only access across the catalog, analytics, all merchandising, and all search tuning.                                                                        |
| **Member**       | View the store, catalog, and analytics. This is the default role for new invites.                                                                                |

## Permissions

Permissions are organized into groups so they're easy to scan. The permission picker is searchable and each group is collapsible, so you can quickly find and toggle exactly what you need.

| Group             | Permissions                                                                                                                                                 |
| ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **General**       | View store, Configure store settings                                                                                                                        |
| **Catalog**       | Read catalog                                                                                                                                                |
| **Analytics**     | View analytics                                                                                                                                              |
| **Merchandising** | Merchandising rules, Blocks, Sort orders, Attributes, Product families, Product sequences — each available as **View** and **Edit**                         |
| **Search Tuning** | Relevancy & signal weights, Ranking rules, Request transforms, Semantic redirects, Autocomplete, Query expansions — each available as **View** and **Edit** |
| **Operations**    | Run operations (syncs, bulk ops, maintenance)                                                                                                               |
| **Developer**     | Manage API keys, Manage webhooks, Stream live search logs                                                                                                   |
| **Billing**       | Manage billing                                                                                                                                              |
| **Access**        | Invite members, assign roles, manage custom roles                                                                                                           |

## Custom roles

If the built-in roles don't fit how your team works, create your own.

1. Go to **Settings > Roles & Permissions**.
2. Create a role and give it a **name** and a short **description**.
3. Use the grouped permission picker to select exactly which permissions the role grants.
4. Save the role. It's now available to assign to members.

Unlike most built-in roles, custom roles are fully **editable and deletable**.

## Resource-scoped permissions

Two edit permissions can be limited to specific resources instead of applying to everything:

* **Edit merchandising rules** — limit to specific collections.
* **Edit sort orders** — limit to specific sort orders.

When you grant one of these permissions, you can choose the resources it applies to. Leave the resource list **empty to apply the permission to all** collections or sort orders.

## Delete a role

To delete a custom role, first **reassign any members** who currently hold it to another role. Once no members are assigned, you can delete the role.

<Note>
  The Admin role is locked and can't be deleted. The Owner role is managed only through **Transfer Ownership**.
</Note>

## Next steps

* [Manage team members](/help/configuration/manage-team-members) to invite teammates and assign roles.
* [Manage API access](/help/configuration/manage-api-access) to create tokens for developers.
