| Admin | Has the highest level of privileges. Admins have full control over various resources, including workflows, metrics, flags, IAM policies, events, and billing. They hold permissions to administer, edit, create, and view various entities within the system. |
| Editor | General role for editing various resources. Editors have permissions to create, update, and manage entities within workflows, metrics, flags, IAM, and events. |
| Creator | General role for creating various resources. Creators have permissions to create, and thereby make themselves owner of, entities within workflows, metrics, flags, IAM, and events. |
| Reader | General role for read-only access. Readers can view various entities across workflows, metrics, flags, IAM, and events. |
| Billing Admin | Specifically handles billing-related administrative tasks. They have permissions related to billing administration. |
| Events Editor | Manages and edits event-related resources. They have permissions to create, edit, and manage events, event connections, event definitions, and related cryptographic keys. |
| Events Reader | Has read-only access to event-related resources. They can view events, event connections, event definitions, and related cryptographic keys. |
| Flags Editor | Manages and edits feature flags and related segments. They can create, edit, and manage flags, segments, and evaluation context schemas. |
| Flags Reader | Has read-only access to feature flags and related segments. They can view flags, segments, and evaluation context schemas. |
| Flags Resolver Logger | Involved in logging resolve information for flags. They have permissions related to administration of resolve information and flag assignments. |
| Flags Resolver Sidecar | Manages the sidecar aspect of flag resolution. They have permissions to read flags, segments, and clients, and administer resolve information and flag assignments. |
| IAM Editor | Manages and edits IAM (Identity and Access Management) resources. They can create, edit, and manage clients, roles, user invitations, OAuth apps, cryptographic keys, and IAM policies. |
| IAM Reader | Has read-only access to IAM resources. They can view clients, roles, user invitations, OAuth apps, cryptographic keys, and IAM policies. |
| Metrics Editor | Manages and edits metrics-related resources. They can create, edit, and manage metrics, metric calculations, scheduled metric calculations, and associated tables and warehouses. |
| Metrics Reader | Has read-only access to metrics-related resources. They can view metrics, metric calculations, scheduled metric calculations, and associated tables and warehouses. |
| Stats API User | Specific role for users of the Stats API. They have permissions related to the usage of the Stats API. |
| Workflows Editor | Manages and edits workflow-related resources. They can create, edit, and manage workflows, workflow instances, workflow logs, workflow secrets, and related surfaces. |
| Workflows Reader | Has read-only access to workflow-related resources. They can view workflows, workflow instances, workflow logs, workflow secrets, and related surfaces. |