# Access Control

> Control access to projects via role-based access control and groups in Galileo

For organizations requiring role-based access control (RBAC), Galileo supports fine-grained control over granting users different levels of access to the system, as well as organizing users into groups for easily sharing projects. Some features are only available to customers on paid Galileo plans.

## System-level Roles

There are four roles that a user can be assigned:

* **Admin** - Full access to the organization, including viewing all projects.
* **Manager** (enterprise only) - Can add and remove users.
* **User** - Can create, update, share, and delete projects and resources within projects.
* **Read-only** - Cannot create, update, share, or delete any projects or resources. Limited to view-only permissions.

*Note:* Free users of Galileo can only use the Admin, User, or Read-only roles. [Contact us](https://galileo.ai/contact-sales) to explore a paid plan and get full RBAC.

In table form:

|                                       | Admin                              | Manager                                         | User                                       | Read-only                                  |
| ------------------------------------- | ---------------------------------- | ----------------------------------------------- | ------------------------------------------ | ------------------------------------------ |
| View all projects                     | <Icon icon="square-check" />       | <Icon icon="square-xmark" />                    | <Icon icon="square-xmark" />               | <Icon icon="square-xmark" />               |
| Add/delete users                      | <Icon icon="square-check" />       | <Icon icon="square-check" /> (excluding admins) | <Icon icon="square-xmark" />               | <Icon icon="square-xmark" />               |
| Create groups, invite users to groups | <Icon icon="square-check" />       | <Icon icon="square-check" />                    | <Icon icon="square-check" />               | <Icon icon="square-xmark" />               |
| Create/update projects                | <Icon icon="square-check" />       | <Icon icon="square-check" />                    | <Icon icon="square-check" />               | <Icon icon="square-xmark" />               |
| Share projects                        | <Icon icon="square-check" />       | <Icon icon="square-check" />                    | <Icon icon="square-check" />               | <Icon icon="square-xmark" />               |
| View projects                         | <Icon icon="square-check" /> (all) | <Icon icon="square-check" /> (only shared)      | <Icon icon="square-check" /> (only shared) | <Icon icon="square-check" /> (only shared) |

System-level roles are chosen when users are invited to Galileo:

<img src="https://mintcdn.com/v2galileo/FQjmOk8BWj4bvBe1/images/access-control.png?fit=max&auto=format&n=FQjmOk8BWj4bvBe1&q=85&s=7089559fa5f1d3ac463663e5337d5d02" alt="Image shows the pop up when inviting new users to Galileo and the system role options provided" width="774" height="1100" data-path="images/access-control.png" />

## Groups (enterprise only)

Users can be organized into groups to streamline sharing projects. Currently, groups are only available to customers on paid plans of Galileo.

There are three types of groups:

* **Public** - Group and members are visible to everyone in the organization. Anyone can join.
* **Private** - Group is visible to everyone in the organization. Members are kept private. Access is granted by a group maintainer.
* **Hidden** - Group and its members are hidden from non-members in the organization. Access is granted by a group maintainer.

Within a group, each member has a group role:

* **Maintainer** - Can add and remove members.
* **Member** - Can view other members and shared projects.

## Share Projects

By default, only a project's creator, managers, and admins have access to a project. Projects can be shared with both individual users and entire groups. Together, these are called *collaborators*.

How to share a project with collaborators:

<img src="https://mintcdn.com/v2galileo/FQjmOk8BWj4bvBe1/images/access-control-3.png?fit=max&auto=format&n=FQjmOk8BWj4bvBe1&q=85&s=345bf652fadfe40120f3f6944536ec2d" alt="Share a project within Galileo" width="986" height="280" data-path="images/access-control-3.png" />
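When reviewing who can reach a project, group sharing matters as much as direct sharing: because anyone can join a Public group, a project shared with one is reachable by every user in the organization. The access-review sketch below is an added example, not Galileo code or a Galileo API; the data structures and the sample users, groups, and projects are constructed, and Managers are treated as in the role table (shared projects only).

```python
from dataclasses import dataclass, field

# Hypothetical model of the roles, groups and shares described on this page.
@dataclass
class Group:
    visibility: str  # "public", "private" or "hidden"
    members: set

@dataclass
class Project:
    name: str
    creator: str
    shared_users: set = field(default_factory=set)
    shared_groups: set = field(default_factory=set)

# Constructed sample organization: user name -> system-level role.
USERS = {"ana": "admin", "max": "manager", "uma": "user", "rio": "read-only", "kai": "user"}
GROUPS = {
    "ml-all": Group("public", {"uma"}),
    "red-team": Group("hidden", {"kai"}),
}
PROJECTS = [
    Project("chatbot-evals", "uma", shared_groups={"ml-all"}),
    Project("jailbreak-tests", "kai", shared_users={"rio"}, shared_groups={"red-team"}),
]

def current_viewers(project, users, groups):
    """Users who can view the project now: admins, the creator, and collaborators."""
    viewers = {u for u, role in users.items() if role == "admin"}
    viewers |= {project.creator} | project.shared_users
    for g in project.shared_groups:
        viewers |= groups[g].members
    return viewers

def potential_viewers(project, users, groups):
    """Current viewers plus everyone who could self-join a Public collaborator group."""
    if any(groups[g].visibility == "public" for g in project.shared_groups):
        return set(users)  # anyone in the organization can join a Public group
    return current_viewers(project, users, groups)

def review(projects, users, groups):
    """Return (project, extra users) pairs where reach exceeds the current viewer list."""
    findings = []
    for p in projects:
        extra = potential_viewers(p, users, groups) - current_viewers(p, users, groups)
        if extra:
            findings.append((p.name, sorted(extra)))
    return findings

if __name__ == "__main__":
    print(review(PROJECTS, USERS, GROUPS))
```

A non-empty finding means the project's collaborator list understates who can reach it; sharing with a Private or Hidden group instead keeps access behind a group maintainer.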
