# Access Control for Group

## Roles for Groups

The following roles determine what operations users can perform on groups.

| Role Name    | Summary                                         |
| ------------ | ----------------------------------------------- |
| group.Owner  | Can manage groups without workspace owner role. |
| group.Member | -                                               |

## Group Operations and Access Control Rules

Here are the operations that can be performed to manage groups and the corresponding roles required to perform them.

| Operation                                                                                 | Required Role                  |
| ----------------------------------------------------------------------------------------- | ------------------------------ |
| View a list of groups within the workspace.                                               | workspace.Viewer               |
| Add a group to the workspace.                                                             | workspace.Owner                |
| <p>Delete a group.<br>Edit settings of a group.<br>Add and remove members to a group.</p> | workspace.Owner OR group.Owner |