Skip to main content

Role Based Access Control

Flagsmith provides fine-grained permissions to help larger teams manage access and roles across projects and environments.

Permissions are assigned to individual team members or to groups.


The Permissions/Role Based Access features of Flagsmith are not part of the Open Source version. If you want to use these features as part of a self hosted/on premise solution, please get in touch.


Groups are a convenient way to manage permissions for multiple team members. Groups can contain any number of team members. You can create groups with the Organisation Settings page.

Members of a group can be designated as an admin for that group. As a group admin, users can manage the membership for that group, but not the permissions the group has on other entities.


Team members can be defined as Organisation Administrators or Users. Organisation Administrator is effectively a super-user role, and gives full read/write access to every Project, Environment, Flag, Remote Config and Segment within that Organisation.

Users that are not Organisation Administrators must have permissions assigned to them manually at the relevant levels. The permissions available at the Organisation level are defined below.

Create ProjectAllows the user to create Projects in the given Organisation
Manage User GroupsAllows the user to manage the Groups in the Organisation and their members.


Team Members and Groups can be given individual roles at a Project level.

AdministratorFull Read/Write over all Environments, Feature Flag, Remote Config, Segment and Tag values
View ProjectCan view the Project within their account
Create EnvironmentCan create new Environments within the Project
Create FeatureCan create a new Feature / Remote Config
Delete FeatureCan remove an existing Feature / Remote Config entirely from the Project
Manage SegmentsCan create, delete and edit Segments within the Project
View audit logAllows the user to view the audit logs for this Project.


Team Members and Groups can be given individual roles at an Environment level.

AdministratorCan modify Feature Flag, Remote Config and Segment values
View EnvironmentCan see the Environment within their account
Update Feature StateUpdate the state or value for a given feature
Manage IdentitiesView and update Identities
Create Change RequestCreating a new Change Request
Approve Change RequestApproving or denying existing Change Requests
View IdentitiesViewing Identities