Skip to content
On this page


Roles are essentially a bundle of pre-configured access permissions which you can (re)assign to any number of users.

Learn More

To configure roles programmatically, see our API documentation on roles.

View a Role

How to view a role

To view an existing role, navigate to Settings > Access Control > [Role]. Now you can see the role's permissions and other details.

Create a Role

How to create a role

To create a role, follow these steps.

  1. Navigate to Settings > Access Control.
  2. Click add in the page header.
  3. Enter a unique Role Name.
  4. Toggle App Access and Admin Access as desired.
    To learn more, see configure role details.
  5. Click Save to confirm.

Configure Role Details

How to configure role details

In addition to defining permissions, roles come with a number of other configuration options. To configure a role's details, follow these steps.

  1. Navigate to Settings > Access Control > [Role].

  2. Configure the following options as desired:

    • Permissions — Configures access permissions for the role.

    • Role Name — Sets the name of the role.

    • Role Icon — Sets icon used when referencing this role.

    • Description — Adds a note to help explain the role's purpose.

    • App Access — Auto-configures minimum permissions required to log in to the App.

    • Admin Access — Auto-configures full permissions to project data and Settings. Must be toggled off to restore ability to restrict permissions.

    • IP Access — Allow list of IP addresses, IP ranges and CIDR blocks for this role. To add an entry, type it in and hit Enter / Return to confirm. Leave empty to allow all IP addresses.

      TypeExample Value
      IP Address1.2.3.4
      IP Range1.1.1.1-
      CIDR Block1.2.3.0/24
    • Require MFA — Forces all users within this role to use multi-factor authentication.

    • Users in Role — Lists all users within this role.

  3. Click check in the page header to confirm.

App Access vs Admin Access

Roles with App Access enabled are created with the minimum permissions required to login to the app and access their own profile information. Roles that have neither Admin nor App Access enabled are created with public permissions. You can always reconfigure permissions later.

Delete a Role

How to delete a role

To delete a role, follow these steps.

  1. Navigate to Settings > Access Control > [Role].
  2. Click delete in the page header and a popup will appear.
  3. Click Delete to confirm.

Users in a Deleted Role

If you delete a role that still has users in it, those users will be given a NULL role, which limits them to public permissions. However, you can always assign them a new role.

Built-in Roles

Directus does not allow you to delete the built-in public role or administrator role. To learn more, please see the introductory section on Directus Roles.