PostHog's access control system allows you to manage permissions at three levels: organization, project, and resource. This hierarchical approach provides granular control over who can view and edit different parts of PostHog.
Levels of access control
1. Organization level
Organization members can have one of three access levels, which determine their permissions for organization-wide settings and actions.
The three access levels are: Member, Admin, and Owner. An organization must have at least one Owner but can have more than one.
| Permission | Member (base level) | Admin | Owner |
|---|---|---|---|
| Viewing and querying project data | ✔ | ✔ | ✔ |
| Accessing billing management | ✖ | ✔ | ✔ |
| Managing reverse proxies | ✖ | ✔ | ✔ |
| Creating and deleting projects | ✖ | ✔ | ✔ |
| Managing project access controls (see more below) | ✖ | ✔ | ✔ |
| Changing authentication settings (SAML, SSO settings, 2FA enforcement, etc.) | ✖ | ✔ | ✔ |
| Changing organization settings (name, logo, etc.) | ✖ | ✔ | ✔ |
| Managing RBAC Roles (creating, editing, deleting, changing members, etc.) | ✖ | ✔ | ✔ |
| Inviting new members (only for current level or below)* | ✔ | ✔ | ✔ |
| Managing members (changing roles, removing, etc.) | ✖ | ✔ | ✔ |
| Leaving an organization | ✔ | ✔ | ✖ |
| Transferring organization ownership | ✖ | ✖ | ✔ |
| Deleting an organization | ✖ | ✖ | ✔ |
*This permission is configurable and can be disabled for members by organization admins and owners.
Access levels can be viewed and changed in the Members section of organization settings.
2. Project level
At the project level, there are two access levels: member and admin.
Each project has a default access level that applies to all organization members:
- No access – Members need explicit permission to access the project
- Member – All organization members have member-level access
- Admin – All organization members have admin-level access
You can override the default access level for specific members or roles. A user's effective access level is the highest level granted from any source.
Organization owners and admins automatically receive project admin access.
See the table below for a summary of project-level permissions:
| Permission | Member | Admin |
|---|---|---|
| Manage project access controls | ✖ | ✔ |
| Delete project | ✖ | ✔ |
| Edit project settings | ✖ | ✔ |
| View/edit own or permitted resources (based on resource-level access controls) | ✔ | ✔ |
| View/edit all resources (regardless of resource-level access controls) | ✖ | ✔ |
3. Resource level
Resource access controls allow you to control who can view and edit specific resource objects. These can be accessed in the "Access control" sidebar when viewing a supported resource.
Currently, resource access controls are available for:
- Insights
- Dashboards
- Notebooks
- Feature flags
- (more resource types coming soon – looking for others? Let us know!)
Note: We do not yet support limiting access to querying data, viewing replays, or accessing person / group profiles. Support for these features is planned for the near future.
Resource access controls have three possible access levels:
- No access – Cannot view or edit the resource
- Viewer – Can view but not modify the resource
- Editor – Can view and modify the resource
- Manager - Can change metadata about the resource like access controls
There are two ways to set resource-level access controls:
a. Individual resource object
These settings allow you to control who can view and edit a specific resource object. You can access these controls via the project's access control settings.
By default, new resources are set to "Editor" access. Users with appropriate permissions can modify this default and set specific permissions for members and roles.
Resource creators and project admins can always view and edit resources, as well as manage their access controls. Only creators and project admins can manage access controls for a resource object.
You cannot set resource-level access controls for project admins, as they always have full access.
b. All resource objects of a given type in a project
These settings allow you to control who can view and edit all resources of a given type within a project. These controls are set at the project level.
You can set default access levels for all resources of a given type in a project. This allows you to set it once and apply it to all resources of that type in the project (past and future).
Project-wide access controls for resources take precedence over individual resource object access controls.
You cannot set project-wide access controls for project admins, as they always have full access.
Feature availability
Free / Pay-as-you-go
These plans do not currently offer any access control features. All projects are open to all members and all resources are open to all members with "Editor" access.
Boost or scale
The Boost and Scale add-ons give advanced permissions.
The goal of this is to allow teams with stricter access requirements to control who can access their projects and resources.
On these plans, you can set default access levels for projects and resources, and also set specific access levels for individual members (but not roles).
Enterprise
While you can create roles on any plan, they can only be used for access control on Enterprise plans.
Instead of managing permissions individually, you can create roles to group users together. Roles can be assigned permissions at both the project and resource level.
