{"section":"tracks","requestedLocale":"en","requestedSlug":"users-and-roles","locale":"en","slug":"users-and-roles","path":"docs/en/tracks/vtex-modules-getting-started/accounts-and-permissions/users-and-roles.md","branch":"main","content":"Access control in the VTEX Admin is based on **users** and **roles**, ensuring that each person has access only to the features they need for their tasks.\n\n## Users\n\nAn **administrative user** is anyone registered with access to your store Admin. Each user is identified by their email and must have at least one user role assigned.\n\n**What you can do:**\n\n- Create, edit, and delete users\n- Assign user roles to users\n- Export user list\n\n**Where to manage:** _Account settings > Users_\n\n> ℹ️ Learn more in [Managing administrative users](https://help.vtex.com/docs/tutorials/managing-admin-users).\n\n## Roles\n\nA **user role** is a set of permissions that determines the features a group of users can access on the platform. Permissions are based on **resources** from License Manager.\n\nLicense Manager checks if the user has the necessary resources to perform each action on VTEX, such as accessing a page or making an API call. Without the appropriate resources, the request is denied.\n\n**Where to manage:** _Account Settings > Roles_\n\n> ℹ️ Learn more in [Roles](https://help.vtex.com/en/docs/tutorials/roles).\n\n### Role types\n\n| Type           | Description                                                                                         | Examples                                                                         | Documentation                                                             |\n| -------------- | --------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------- | ------------------------------------------------------------------------- |\n| **Predefined** | Ready-to-use profiles offered by VTEX covering the most common use cases.           | Owner (Admin Super), Call Center Operator, Finance, Logistics | [Predefined roles](https://help.vtex.com/docs/tutorials/predefined-roles) |\n| **Custom**     | Custom roles created by selecting only the necessary resources for each user group. | Role for Catalog team, profile for marketplace operators                         | [Creating roles](https://help.vtex.com/docs/tutorials/creating-roles)     |\n\n## Sponsor user\n\nEvery VTEX account has a single **Sponsor user**, the main person responsible for the store. This user:\n\n- Has full access to all features\n- Can perform critical actions (reindex, full cleanup, special authorizations)\n- Receives important VTEX communications\n\n> ⚠️ Sponsor user ≠ Owner (Admin Super) role. The Sponsor user is unique per account, while Owner is a role that can be assigned to multiple users.\n\n> ℹ️ Learn more in [Sponsor user](https://help.vtex.com/docs/tutorials/what-is-the-sponsor-user).\n\n## Principle of least privilege\n\nAlways apply the **least required privilege**: Each user should have only the roles and resources strictly necessary for their activities. This reduces security risks and improves control.\n\n**Best practices:**\n\n- Limit users with the Owner (Admin Super) role.\n- Review accesses and API keys periodically (at least once a year)\n- Remove inactive users immediately\n- Use corporate emails, not personal ones\n- Avoid using shared accounts (example: admin@company.com)\n- Require 2FA for all administrative users\n- Consider using single sign-on (SSO)\n\n> ℹ️ Learn more in [Best practices for store access management](https://help.vtex.com/docs/tutorials/best-practices-for-store-access-management).\n\n## Learn more\n\n- [Roles](https://help.vtex.com/en/docs/tutorials/roles) - Complete guide to access control\n- [Best practices for store access management](https://help.vtex.com/docs/tutorials/best-practices-for-store-access-management)\n- [Managing administrative users](https://help.vtex.com/docs/tutorials/managing-admin-users)\n- [Creating roles](https://help.vtex.com/docs/tutorials/creating-roles)\n- [Predefined roles](https://help.vtex.com/docs/tutorials/predefined-roles)\n- [License Manager resources](https://help.vtex.com/en/docs/tutorials/license-manager-resources)\n- [Sponsor user](https://help.vtex.com/docs/tutorials/what-is-the-sponsor-user)\n- [Transferring store ownership](https://help.vtex.com/docs/tutorials/transferring-store-ownership)"}