> ## Documentation Index > Fetch the complete documentation index at: https://docs.tokenfactory.nebius.com/llms.txt > Use this file to discover all available pages before exploring further. # Groups & Access management > Learn about access management on different levels Being listed as a user in an organization does **not** automatically grant access to its resources.\ Each user or service account must be assigned to a **group** that defines their access level within the organization or its projects. Groups exist at two levels: * **Organization-level Groups** — control access to organization-wide settings and projects. * **Project-level Groups** — control access to resources within individual projects. ### **Organization-level Groups** Organization-level groups define permissions for managing the overall workspace, its billing, and projects. | **Group** | **Description** | | :------------------ | :----------------------------------------------------------------------------------------------------------------------------------------------------- | | **Admin** | Full access to organization settings, billing, and all projects. Can invite external users, manage organization projects, and configure access rights. | | **Billing Manager** | Can manage billing settings and view usage statistics across the organization. Cannot access project resources or invite users. | | **No Group** | Users added without a role at the organization level. They can later be granted access to specific project-level resources. | #### **Organization-level Permissions** | **Action** | **Admin** | **Billing Manager** | | :------------------------------- | :--------------------------- | :--------------------------- | | **Usage & Consumption** | View | View | | **Projects and Resources** | View, Create, Update, Delete | No Access | | **Billing Settings** | View, Create, Update, Delete | View, Create, Update, Delete | | **Payments** | View | View | | **Organization Access (Users)** | View, Add, Remove | No Access | | **Zero Data Retention Settings** | View, Change | No Access | **Note:** Organization Admins automatically have administrative privileges across all projects in the organization. ### **Project-level Groups** Project-level groups control access to specific project resources and operations. | **Group** | **Description** | | :--------- | :----------------------------------------------------------------------------------------------------------- | | **Admin** | Full control over project resources. Can invite organization members to the project and manage their access. | | **Member** | Can create and manage project resources but cannot invite new users or change access permissions. | #### **Project-level Permissions** | **Action** | **Admin** | **Member** | | :-------------------------- | :---------------- | :-------------------------- | | **Project Access (Users)** | View, Add, Remove | No Access | | **API Keys** | Create, Delete | Create, Delete own API keys | | **Files API** | Full Access | Full Access | | **Fine-tuning API** | Full Access | Full Access | | **Batch API** | Full Access | Full Access | | **Dedicated Endpoints API** | Full Access | Full Access | | **Prompt Presets** | Full Access | Full Access | | **Public Endpoints API** | Full Access | Full Access | ### **Inviting Users to Groups** To grant access to organization or project resources: 1. Invite a user to the organization. 2. Assign the user to the appropriate **Organization Group** or **Project Group**. For detailed instructions, see the [**User Invitations**](https://docs.tokenfactory.nebius.com/team-access/invitations) section.