---
title: Custom RBAC roles
description: Custom role-based access control (RBAC) roles are a solution for organizations with use cases that are not addressed by default roles in DataRobot.
section_name: Administrator
platform: cloud-only

---

# Custom RBAC roles {: #custom-rbac-roles }

Custom role-based access control (RBAC) roles are a solution for organizations with use cases that are not addressed by [default roles](rbac-ref) in DataRobot. System and organization administrators can create roles and define access at a more granular level, and assign them to users and groups. You can access custom RBAC roles from **User Settings** > **User Roles**.

The **User Roles** page lists each available role an admin can assign to a user in their organization, including DataRobot default roles. Before creating a custom role, review the [considerations](#feature-considerations).

![](images/custom-rbac-1.png)

## Create custom roles {: #create-custom-roles }

To create a new role, click **+ Add a user role**. Enter a name for the role and assign permissions.

DataRobot features are listed on the left, and role access options&mdash;[read, write, admin](roles-permissions#role-definitions), and entity-specific permissions&mdash;are listed on the right. Select an object, then select an access level for the object under _Permissions_.

![](images/custom-rbac-2.png)

## Manage roles {: #manage-roles }

Unlike default DataRobot roles, you can edit and delete any custom role created for an organization from the **User Roles** page. To determine if a role can be modified, refer to the **Custom Role** column; default roles display _Yes_ and custom roles display _No_.

![](images/custom-rbac-3.png)

From this page, you can:

| &nbsp; | Element       | Description |
| ---------- | ----------- | ---------- |
| ![](images/icon-1.png) | Edit      | Select a custom user role to modify its permissions.        |
| ![](images/icon-2.png) | Delete      | Click the **Menu** icon and select **Delete**. If the role is currently assigned to a user, a warning message appears before deleting the role.        |
| ![](images/icon-3.png) | Duplicate      | Click the duplicate icon and name the new role, then select the role to modify permissions.        |

## Feature considerations {: #feature-considerations }

* The RBAC feature flag must be enabled.
* When system administrators create a custom role, the role is enabled system-wide across all organizations. When organization administrators create a custom role, the role is only enabled for that organization.
* The feature flag for custom roles must be enabled system- or org-wide.
* Feature flags cannot be configured through roles.
* Multiple roles cannot be assigned to a user/group/organization at this time.
