> For the complete documentation index, see [llms.txt](https://docs.arnica.io/arnica-documentation/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.arnica.io/arnica-documentation/platform-operations/security/users-and-roles.md).

# Users & Roles

The Users & Roles tab allows you to add new users to your Arnica Org and manage the existing users within the system.

## Adding Users

To invite someone to your Arnica org:

1. Navigate to **Admin > Security > Users & Roles**.
2. Enter the user's email address in the **Email** field under **Add Users**.
3. Click **Invite**.

The user receives a welcome email with a personalized link to set their password. Once they sign in, they are redirected into your org.

{% hint style="info" %}
The email address you enter is tied to all activity within Arnica, including mitigation actions and admin audit logs. If the user has multiple email addresses, make sure to use the one they intend to work with.
{% endhint %}

<figure><img src="/files/pkb6OLaumBfW0wQWR2QZ" alt="Add Users section showing the email field and Invite button"><figcaption><p>Enter an email address and click Invite to send an invitation</p></figcaption></figure>

## If the Invitation Wasn't Received

If a user hasn't received their invitation email, check the following:

* The email may have landed in their **spam or blocked emails** folder.
* Double-check that the **email address is spelled correctly**.
* The user may already be a member of **another Arnica org**. Each user can only belong to one org at a time. To join your org, they will need to leave their current one first — they can do this from **Profile menu → Edit Account → Leave**.

If none of the above apply, reach out to Arnica support via the in-app chat or at <support@arnica.io>.

## Existing Users

All users are listed in the **Users and Roles** table with the following columns:

* **Email** — the user's email address.
* **Role** — the role currently assigned to them.
* **Last Updated** — when the user record was last changed.
* **Status** — blank for active users; shows **invited** for users who haven't accepted their invite yet.

Use the search bar at the top of the table to filter by email.

<figure><img src="/files/UBJ0eMwJeJvKNRlvVJwG" alt="Users and Roles table showing email, role, last updated, status and actions columns"><figcaption><p>The Users and Roles table lists all org members with their current role and status</p></figcaption></figure>

## Changing a User's Role

Click the **pencil icon** in the Actions column next to a user to open the role picker. The available roles are:

* Admin
* Security Reviewer
* Collaborator
* Maintainer - Products
* Collaborator - Products
* Read Only
* Read Only - Products

<figure><img src="/files/W6A0RHevBXP3jeUOlDnw" alt="Role picker dropdown showing all available roles"><figcaption><p>Click the pencil icon to open the role picker</p></figcaption></figure>

{% hint style="warning" %}
Role changes take effect immediately.
{% endhint %}

For a full description of what each role can access, see [Role Based Access Control (RBAC)](/arnica-documentation/security/role-based-access-control-rbac.md).

## Role Management Mode

At the top of the page, a toggle lets you choose between **Arnica**-managed and **SSO**-managed roles:

* **Arnica** — roles are set manually within the Arnica UI.
* **SSO** — roles are derived from your identity provider. When switched to SSO, a configuration panel appears where you can map SSO groups to Arnica roles.

Click **Save** after switching modes for the change to take effect.

For configuration details, see [Role Based Access Control (RBAC)](/arnica-documentation/security/role-based-access-control-rbac.md).

## Removing a User

To remove a user from your org, click the **trash icon** in the Actions column. The user loses access immediately.

<figure><img src="/files/I0wTYQZqUwykoX0eapeY" alt="Users and Roles table with the trash icon highlighted in the Actions column"><figcaption><p>Click the trash icon to remove a user from your org</p></figcaption></figure>

## Tenant Membership

Each Arnica user can belong to **one org at a time**. If a user needs to move to a different org, they must leave their current one first. They can do this from the **Profile menu → Edit Account → Leave**.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.arnica.io/arnica-documentation/platform-operations/security/users-and-roles.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.