{"section":"tutorials","requestedLocale":"en","requestedSlug":"roles","locale":"en","slug":"roles","path":"docs/en/tutorials/account-management/access-control/roles.md","branch":"main","content":"Every action on VTEX, such as accessing a page in the Admin or making an API call, requires a request to our infrastructure. To guarantee the security of these operations, there is **License Manager**, a system that verifies whether a user has the right permissions to perform an action on the platform.\n\nTo make it easier to manage these permissions, License Manager uses a system based on [resources](#resources) and [roles](#roles). See below for more details on these concepts.\n\n## Resources\n\nA **resource** is an entity associated with an action or information within our infrastructure. For example, the _Product management_ resource allows a user to access and edit product information in the Catalog. To learn more about each available resource, read the [License Manager resources](/en/docs/tutorials/license-manager-resources) article.\n\nEach request undergoes a security analysis to check if the user has the necessary resources, i.e., the necessary permission to perform the action. Without the necessary resources, a request will not be successful.\n\n## Roles\n\nA **role** determines the set of resources accessible to a group of users on VTEX. Each admin user can be associated with one or more roles.\n\nAs several employees often access the Admin, it is important to limit access to critical actions within an account. This minimizes disruptions in the store operation and ensures that each user has access only to the actions necessary for their role.\n\nFor example, a team of telesales operators only needs access to order details, so they shouldn't have access to other platform settings. In this case, their role would only contain resources related to reading order details.\n\nTo manage your store roles and their associated users, go to the [Roles list](/en/docs/tutorials/roles).\n\nCheck below the different types of roles you can add to the store.\n\n### Role types\n\nWhen [creating a new role](/en/docs/tutorials/creating-roles), you can use one of the predefined roles provided by VTEX or create a customized one, selecting each required resource.\n\nThe admin must have a role with the _Save access profile_ [resource](/en/docs/tutorials/license-manager-resources) in order to create a role in License Manager.\n\n#### Predefined\n\nPredefined roles are sets of resources predetermined by VTEX that cover the most common use cases. Check the complete list of [predefined roles](/en/docs/tutorials/predefined-roles) and their permissions.\n\n#### Custom\n\nBesides using predefined roles, you can [create custom roles](/en/docs/tutorials/creating-roles#creating-custom-roles), combining the necessary resources for a group of admin users from your store.\n\nFor example, a team responsible for keeping the store catalog up to date usually performs a well-defined set of tasks, such as adding and editing products, categories, and brands. In this case, an admin can create a customized role with all the necessary resources for these employees.\n\nCheck the complete list of available [License Manager resources](/en/docs/tutorials/license-manager-resources).\n\n## Managing roles\n\nRoles can be managed through VTEX Admin. Click on your **profile avatar** on the VTEX Admin top bar, marked by the initial of your email, and click on **Account Settings** > __User Roles__ .\n\n![List roles](https://cdn.statically.io/gh/vtexdocs/help-center-content/refs/heads/main/docs/en/tutorials/account-management/access-control/roles_1.png)\n\nThis page shows a list with all roles that were added for the account, which you can edit or delete from the **Actions** column.\n\nIn a newly created account, only the *Owner (Admin Super)* role will be listed. This role gives unrestricted access to all the resources of the platform.\n\n> ⚠️ The number of users with an *Owner (Admin Super)* role should be as low as possible. Ensure that there is visibility and control of those who receive this access. Unrestricted use of very permissive roles increases the risk of attacks on stores by login credentials leakage.\n\n## Creating roles\n\nFor users who should not have unrestricted access to the platform, it is important to create roles that limit the available resources to those strictly necessary for that type of user. Read the [Creating roles](/en/docs/tutorials/creating-roles) guide to do so.\n\nYou can create a new role based on [predefined roles](/en/docs/tutorials/predefined-roles), or you can customize them by selecting which [License Manager resources](/en/docs/tutorials/license-manager-resources) can be accessed by the users that have this role.\n\n## Learn more \n\n* [Predefined roles](/en/docs/tutorials/predefined-roles)\n* [Creating roles](/en/docs/tutorials/creating-roles)\n* [License Manager resources](/en/docs/tutorials/license-manager-resources)"}