--- title: Using user roles and permissions summary: null url: >- https://www.fastly.com/documentation/guides/next-gen-waf/account-info/using-user-roles-and-permissions --- > **IMPORTANT:** This guide only applies to Next-Gen WAF customers with access to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net). If you have access to the Next-Gen WAF product in the [Fastly control panel](https://manage.fastly.com), check out our guide to [managing users](https://www.fastly.com/documentation/guides/account-info/user-and-account-management/about-user-roles-and-permissions) of Fastly accounts. Every user in your corp (also known as account) is [assigned a role](https://www.fastly.com/documentation/guides/next-gen-waf/account-info/managing-users/). Roles are groups of permissions that afford users the ability to view and control a variety of things in your corp (account). - **Owners** have access to all corp (account) features, can edit settings on every site (also known as workspace), and can make changes to user accounts. - **Admins** have limited access to corp (account) features, access to specific sites (workspaces) and site-level (workspace-level) settings, and can invite new users to specific sites (workspaces). - **Users** have access to specific sites (workspaces) and site-level (workspace-level) settings. - **Observers** have access to specific sites (workspaces). ## Corp (account) management permission The corp (account) management permissions for each role are as follows: | Permission | Owner | Admin | User | Observer | | ----------------------------------------------- | ------ | -------------- | -------------- | -------------- | | View corp-wide (account-wide) data and reports | Access | Limited access | Limited access | Limited access | | Edit corp-wide (account-wide) security policies | Access | No access | No access | No access | | Create or edit Corp (Account) Rules | Access | No access | No access | No access | | View Corp (Account) Rules | Access | Access | Access | Access | | Create or edit Corp (Account) Lists | Access | No access | No access | No access | | Create or edit Corp (Account) Signals | Access | No access | No access | No access | | View corp (account) integrations | Access | Access | Access | Access | | Edit corp (account) integrations | Access | No access | No access | No access | | View corp (account) audit logs | Access | Access | Access | Access | ## User management permissions The user management permissions for each role are as follows: | Permission | Owner | Admin | User | Observer | | --------------------------------------- | ---------------------- | --------------------------- | --------------------------- | --------------------------- | | View users | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | | Invite or remove other users | All sites (workspaces) | Specific sites (workspaces) | No sites (workspaces) | No sites (workspaces) | | Allow users to create API Access Tokens | Access | No access | No access | No access | ## Site (workspace) management permissions The site (workspace) management permissions for each role are as follows: | Permission | Owner | Admin | User | Observer | | ---------------------------------------------------- | ---------------------- | --------------------------- | --------------------------- | --------------------------- | | Create or delete sites (workspaces) | Access | No access | No access | No access | | View site-level (workspace-level) data and reports | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | | Edit site (workspace) blocking mode | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | No sites (workspaces) | | Edit site (workspace) IP anonymization policy | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | No sites (workspaces) | | Edit site (workspace) default blocking response code | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | No sites (workspaces) | | View associated users | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | No sites (workspaces) | | Edit site (workspace) Display Name and Short Name | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | No sites (workspaces) | ## Site (workspace) configuration permissions The site (workspace) configuration permissions for each role are as follows: | Permission | Owner | Admin | User | Observer | | -------------------------------- | ---------------------- | --------------------------- | --------------------------- | --------------------------- | | Change Blocking Mode | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | No sites (workspaces) | | Create or edit rules | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | No sites (workspaces) | | View rules | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | | Create or edit signals | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | No sites (workspaces) | | View signals | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | | Create or edit lists | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | No sites (workspaces) | | View lists | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | | Create or edit redactions | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | No sites (workspaces) | | View redactions | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | | Create or edit integrations | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | No sites (workspaces) | | View integrations | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | | Create agent keys | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | No sites (workspaces) | | View agent keys | All sites (workspaces) | Specific sites (workspaces) | Specific sites (workspaces) | No sites (workspaces) | | View site (workspace) audit logs | Access | Access | Access | Access | ## Personal account management permissions The personal account management permissions for each role are as follows: | Permission | Owner | Admin | User | Observer | | ---------------------------------- | -------------- | -------------- | -------------- | -------------- | | Edit account profile information | Access | Access | Access | Access | | Create, edit, view support tickets | Access | Access | Access | Access | | Create API Access Token | Limited access | Limited access | Limited access | Limited access | ## Related content - [Corp users API documentation](https://www.fastly.com/documentation/signalsciences/api/#_corps__corpName__users_get)