# Managing Roles
The roles of a user can be managed by a SuperAdmin from the Roles section of the left menu. The Roles dashboard will display the available OwnIdP administrator roles on the left and the roles for the selected federation on the right.
Here, you can:
- create a role using the Add button,
- updated a role using the pencil icon
, - delete a role using the trashcan icon
.
# Authorisation matrix
Below is the authorisation matrix of the standard OwnIdP roles.
Authorisation matrix
The CRUD acronym in the below table has the following meaning:
- C = Create
- R = Read
- U = Update
- D = Delete
| Rights | SuperAdmin | Functional Manager | Admin | UserAdmin |
|---|---|---|---|---|
| Manage Settings | RU | - | - | - |
| Manage user roles and organisation types | CRUD | - | - | - |
| Manage own organisation | CRU | CRU | R | - |
| Manage other (main-level) organisations | CRUD | CRU | - | - |
| Manage own sub-organisation(s) | CRUD | CRU | CRUD | - |
| Manage sub-organisations of other organisations | CRUD | CRU | - | - |
| Manage users of own organisation(s) | CRUD | CRUD | CRUD | CRUD |
| Manage users of other organisation(s) | CRUD | CRUD | CRUD* | CRUD* |
*Only for own sub-organisations
Note
An admin level cannot add or remove anything that has a higher admin level then their own rights.