# Role-based access control
A role is used to give a user access to resources within an organization.
All Intempt organizations have the following roles:
Organization owner. Have full read and edit access to everything in the organization. Has access to delete the organization, assign organization admins.
Organization member. By default, organization members can view the organization without access to any sub-resources. You can configure additional source permissions for every organization member.
Organization admin. Admins have full read and edit access to everything in the organization, including Sources, Destinations, other products, and settings.
# Configure organization member permissions
# Source Access
You can assign read-only or read & write access to the selected sources.
If you assign read-only access, organization members can only read data flowing from the selected sources (other sources are hidden from the user). Read-only access does not permit the organization member to edit the source data. In addition, the user is not able to change events and segments that come from the assigned sources.
# Read & write
If you assign read & write access, organization members can read and edit all data flowing from the selected sources (non selected sources are still hidden from the user). Read & write access permits the organization member to edit the source settings and its derivative data (attributes, events, segments).