> ## Documentation Index
> Fetch the complete documentation index at: https://docs.keydris.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Roles and permissions

> Scope what each member can view and change.

Access in Keydris is governed by per-organization roles. Each member holds a role, and that role determines which surfaces they see and which actions they can take. The navigation only shows what a role can access, and the API enforces every action regardless of the UI, so hiding a screen is never the only safeguard.

## System roles

| Role           | Access                                                                    |
| -------------- | ------------------------------------------------------------------------- |
| **Admin**      | Full access to every resource and setting.                                |
| **User**       | Day-to-day operator access, minus organization and member administration. |
| **Management** | Reserved role. No permissions granted yet.                                |
| **Accounting** | Reserved role. No permissions granted yet.                                |

System roles are protected from edits. You can review exactly what each role grants under **Settings** then **Roles**.

## Permissions

Permissions are grouped by area:

| Group        | Permission                 | What it grants                                    |
| ------------ | -------------------------- | ------------------------------------------------- |
| Organization | Manage organization        | Create, rename, and archive organizations.        |
| Organization | Manage members             | Invite members and change their roles.            |
| Agents       | Manage agents              | Create, edit, and revoke autonomous agents.       |
| Agents       | View agents                | Browse the agent directory and details.           |
| Policies     | Manage policies            | Author and version policies.                      |
| Policies     | View policies              | Read policy definitions and version history.      |
| Payments     | Manage payment instruments | Add or remove stored payment instruments.         |
| Payments     | View payment instruments   | View stored payment instruments.                  |
| Audit        | View decisions             | Inspect authorization allow and reject decisions. |
| Audit        | View audit log             | Read the tamper-evident audit trail.              |

<Note>
  If you cannot see a page or setting, your role likely does not include the matching permission. Ask an organization Admin to update your role.
</Note>