Role-based access


Role-based access is only available on our Enterprise plan. See the pricing page for more details.

Organization defaults

By default, team members in your organization have view and edit access to all resource features (for example, feature flags, experiments, and session recordings).

These can be changed on the role-based access settings page. You can set organizational defaults to just "view only" and restrict edit access to certain features.


Roles are groupings of team members. You can assign a member to multiple roles.

For more granularity, you can also define whether a role has view or edit access per resource.

Only organization members with admin or owner level access can create or edit roles.


Resources are PostHog features. These include but are not limited to feature flags, experiments, session recordings, and cohorts.

Resources that you create will always be viewable and editable. Access control restricts editing for resources that you don't own.

Editing access per resource

You can also override the default access settings for a specific resource. This allows you to give edit access to a specific feature flag, for example, to a team role that normally has "view only" access.
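The layers described above (organization default, role access per resource type, creator access, per-resource override) can be modeled as a small resolver for reviewing who ends up with edit rights. This is an added example, not PostHog code or its API: all names and sample data are hypothetical, and it assumes that when a member holds several roles the most permissive grant applies, which the page does not specify.

```python
from dataclasses import dataclass, field

VIEW, EDIT = "view", "edit"          # the two access levels the page names
_RANK = {VIEW: 0, EDIT: 1}

@dataclass
class Role:                          # hypothetical model of a role
    name: str
    members: set
    access: dict = field(default_factory=dict)   # resource type -> level

@dataclass
class Resource:                      # hypothetical model of a resource
    kind: str                        # e.g. "feature_flag"
    name: str
    created_by: str
    role_overrides: dict = field(default_factory=dict)  # role name -> level

def effective_access(user, resource, org_defaults, roles):
    """Return VIEW or EDIT for `user` on `resource` under this model."""
    # Resources you create are always viewable and editable.
    if resource.created_by == user:
        return EDIT
    # Organization default; without a restriction, members have view and edit.
    level = org_defaults.get(resource.kind, EDIT)
    for role in roles:
        if user not in role.members:
            continue
        grants = (role.access.get(resource.kind),
                  resource.role_overrides.get(role.name))
        for grant in grants:
            # Assumption: grants only raise access; most permissive wins.
            if grant is not None and _RANK[grant] > _RANK[level]:
                level = grant
    return level

def who_can_edit(resource, users, org_defaults, roles):
    """Audit helper: every user whose effective access is EDIT."""
    return sorted(u for u in users
                  if effective_access(u, resource, org_defaults, roles) == EDIT)

# Constructed sample data: defaults restricted to view only for two types.
ORG_DEFAULTS = {"feature_flag": VIEW, "experiment": VIEW}
ROLES = [Role("growth", {"bea"}, {"experiment": EDIT}),
         Role("support", {"bea", "cal"})]
USERS = ["ana", "bea", "cal", "dev"]
FLAG = Resource("feature_flag", "new-checkout", created_by="ana",
                role_overrides={"support": EDIT})
EXPERIMENT = Resource("experiment", "pricing-test", created_by="ana")

if __name__ == "__main__":
    for res in (FLAG, EXPERIMENT):
        print(res.name, who_can_edit(res, USERS, ORG_DEFAULTS, ROLES))
```

Running the audit over every resource after a role or default change shows which per-resource overrides widen edit access beyond the organization default.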

