grafana/docs/sources/permissions/organization_roles.md

+++
title = "Organization roles"
description = "Grafana organization roles guide "
keywords = ["grafana", "configuration", "documentation", "organization", "roles", "permissions"]
weight = 100
+++

# Organization roles

Users can belong to one or more organizations. A user's organization membership is tied to a role that defines what the user is allowed to do in that organization. Grafana supports multiple _organizations_ in order to support a wide variety of deployment models, including using a single Grafana instance to provide service to multiple potentially untrusted organizations.

In most cases, Grafana is deployed with a single organization.

Each organization can have one or more data sources.

All dashboards are owned by a particular organization.

> **Note:** Most metric databases do not provide per-user series authentication. This means that organization data sources and dashboards are available to all users in a particular organization.

## Compare roles

The table below compares what each role can do. Read the sections below for more detailed explanations.

|    | Admin   | Editor   | Viewer   |
|:---|:--:|:--:|:--:|
| View dashboards   |  x  |  x  |  x  |
| Add, edit, delete dashboards   |  x  |  x  |    |
| Add, edit, delete folders   |  x  |  x  |    |
| View playlists   |  x  |  x  |  x  |
| Create, update, delete playlists   |  x  |  x  |    |
| Access Explore   |  x  |  x  |    |
| Add, edit, delete data sources   |  x  |    |    |
| Add and edit users   |  x  |    |    |
| Add and edit teams   |  x  |    |    |
| Change organizations settings   |  x  |    |    |
| Change team settings   |  x  |    |    |
| Configure app plugins   |  x  |    |    |

## Organization admin role

Can do everything scoped to the organization. For example:

- Can add, edit, and delete data sources.
- Can add and edit users and teams in their organization.
- Can add, edit, and delete folders containing dashboards for data sources associated with their organization. They can also edit folder permissions.
- Can configure app plugins and organization settings.
- Can do everything allowed by the Editor role.

## Editor role

- Can view, add, and edit dashboards, panels, and alert rules in dashboards they have access to. This can be disabled on specific folders and dashboards.
- Can add, edit, and delete folders containing dashboards for data sources associated with their organization. They cannot edit folder permissions.
- Can create, update, or delete playlists.
- Can access Explore.
- Can add, edit, or delete alert notification channels.
- Cannot add, edit, or delete data sources.
- Cannot manage other organizations, users, and teams.

This role can be changed with the Grafana server setting [editors_can_admin]({{< relref "../administration/configuration.md#editors_can_admin" >}}). If you set this to `true`, then users with the Editor role can also administrate dashboards, folders, and teams they create. This is especially useful for enabling self-organizing teams to administer their own dashboards.

## Viewer role

- Can view any dashboard they have access to. This can be disabled on specific folders and dashboards.
- Cannot add, edit, or delete data sources.
- Cannot add, edit, or delete dashboards or panels.
- Cannot create, update, or delete playlists.
- Cannot add, edit, or delete alert notification channels.
- Cannot access Explore.
- Cannot manage other organizations, users, and teams.

This role can be changed with the Grafana server setting [viewers_can_edit]({{< relref "../administration/configuration.md#viewers-can-edit" >}}). If you set this to `true`, then users with the Viewer role can:
- Make transient dashboard edits, meaning they can modify panels and queries but not save the changes or create new dashboards.
- Access and use [Explore]({{< relref "../explore/_index.md" >}}).

This is especially useful for public Grafana installations where you want anonymous users to be able to edit panels and queries but not save or create new dashboards.