> ## Documentation Index
> Fetch the complete documentation index at: https://docs.abbyy.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Role-based access control
> Understand the five roles in ABBYY Vantage and the permissions each one grants — including the full permissions matrix for every access group.
Access to resources in your ABBYY Vantage tenant is controlled through **roles**. A role is a named set of permissions that you assign to users on the **Roles** tab of the user dialog.
Vantage provides five roles. You can assign more than one role to the same user to combine their permissions.
Full administrative control over the tenant — users, roles, skills, connections, and settings.
Create, edit, publish, and export skills; manage connections.
Process documents with authorized skills. Suitable for end users and integrating applications.
Perform manual reviews at designated Process skill stages.
Monitor transactions and initiate manual reviews at defined Process skill stages.
## Tenant Administrator
A Tenant Administrator has all permissions in the tenant and can:
* Add and remove users
* Assign any role to users
* Grant Skill User, Manual Review Operator, and Processing Supervisor access to specific skills or to all skills (including any added later)
* Create skills
* Publish skills
* Create, test, edit, and delete connections
* Access Skill Monitor to monitor the performance of the system
* Provision additional tenants via the Vantage API, if granted permission to do so. For more information, see [Creating a tenant via the Vantage API](/vantage/documentation/tenant-admin/tenant-management/create-tenant).
## Skill Designer
The Skill Designer can create new skills and define their purpose within business processes. This role includes full permissions for existing skills and allows the user to:
* Process documents using skills
* Copy skills
* Edit skills
* Export skills
* Delete skills
* Publish skills
* View skills in the Skill Monitor
* Create, test, edit, and delete connections
## Skill User
The Skill User can work with any skills they are authorized to access, including processing documents, retrieving results, and viewing demo documents. This role is intended for both end users and applications that integrate with ABBYY Vantage (such as mobile apps).
## Manual Review Operator
The Manual Review Operator can perform manual reviews at designated Process skill stages. This role can be granted access to selected skills and stages or to all skills and stages.
## Processing Supervisor
The Processing Supervisor can monitor transactions as they move through the skills and initiate manual reviews at defined Process skill stages.
With this role, the Processing Supervisor can:
* Perform Manual Review client tasks.
* Use Skill Monitor to view, open, and cancel transactions for authorized skills, and view associated transaction logs.
## Permissions matrix
The following tables list permissions by access group for each role. **Yes** means the role has the permission; **No** means it does not. Qualifiers in parentheses (for example, "only allowed skills") indicate that the permission is scoped further.
### Administration
| Permission | Tenant Administrator | Skill Designer | Skill User | Manual Review Operator | Processing Supervisor |
| :---------------------------------------------------------------------------------------------------- | :------------------: | :------------: | :--------: | :--------------------: | :-------------------: |
| Assign a role | Yes | No | No | No | No |
| Review a subscription | Yes | No | No | No | No |
| Change tenant settings (managing Vantage API clients and connection to an external identity provider) | Yes | No | No | No | No |
| Create, test, edit, and delete connections | Yes | Yes | No | No | No |
### Documents
| Permission | Tenant Administrator | Skill Designer | Skill User | Manual Review Operator | Processing Supervisor |
| :-------------------------------------- | :------------------: | :------------: | :-------------------------------------------------: | :--------------------: | :-------------------: |
| Process documents in the Documents view | Yes | Yes | Yes (only with permission to Default Process skill) | No | No |
### Skill Catalog
| Permission | Tenant Administrator | Skill Designer | Skill User | Manual Review Operator | Processing Supervisor |
| :------------------------------------- | :------------------: | :----------------------: | :-----------------------: | :--------------------: | :-------------------: |
| Find a skill | Yes | Yes | Yes (only allowed skills) | No | No |
| Try a skill | Yes | Yes | Yes (only allowed skills) | No | No |
| Create a skill | Yes | Yes | No | No | No |
| Duplicate a skill | Yes | Yes | No | No | No |
| Edit a skill | Yes | Yes | No | No | No |
| Publish a skill | Yes | Yes | No | No | No |
| Export a skill | Yes | Yes | No | No | No |
| Import a skill | Yes | Yes | No | No | No |
| Delete a skill | Yes | Yes | No | No | No |
| Discard unpublished changes to a skill | Yes | Yes (only their changes) | No | No | No |
| Process documents using a skill | Yes | Yes | Yes (only allowed skills) | No | No |
### Skill Monitor
| Permission | Tenant Administrator | Skill Designer | Skill User | Manual Review Operator | Processing Supervisor |
| :------------------------------------- | :------------------: | :------------: | :--------: | :--------------------: | :-----------------------: |
| View a skill | Yes | Yes | No | No | Yes (only allowed skills) |
| Launch or stop automatic export/import | Yes | No | No | No | No |
| View transactions | Yes | Yes | No | No | Yes (only allowed skills) |
| Open Manual Review client task | Yes | Yes | No | No | Yes (only allowed skills) |
### Data Catalogs
| Permission | Tenant Administrator | Skill Designer | Skill User | Manual Review Operator | Processing Supervisor |
| :-------------------- | :------------------: | :------------: | :--------: | :--------------------: | :-------------------: |
| View a data catalog | Yes | Yes | No | No | No |
| Update a data catalog | Yes | Yes | No | No | No |
| Create a data catalog | Yes | Yes | No | No | No |
### Manual Review
| Permission | Tenant Administrator | Skill Designer | Skill User | Manual Review Operator | Processing Supervisor |
| :--------------------- | :------------------: | :------------: | :--------: | :----------------------------------: | :-----------------------: |
| Perform manual reviews | Yes | No | No | Yes (only allowed skills and stages) | Yes (only allowed skills) |
### Environment Variables
| Permission | Tenant Administrator | Skill Designer | Skill User | Manual Review Operator | Processing Supervisor |
| :--------------------------------------------------------------------------------- | :------------------: | :------------: | :--------: | :--------------------: | :-------------------------------: |
| Create, edit, and delete secrets | Yes | No | No | No | No |
| Access secrets from skills, view the list of existing secrets in the script editor | Yes | Yes | No | No | No (only on Manual Review client) |
## Related topics
Add users, assign roles, and manage permissions
Provision new users in your tenant
Overview of tenant administration in Vantage