# Permissions and data access

### Permissions assigned to a user

The following principles apply to a user:

* A user can have exactly one role (Validator, Operator, Manager, Administrator, ...).
  * A user's role is the same across all organisations. For more information on the different roles, see [roles-and-permissions](https://docs-old.app.metamaze.eu/organisation/users/roles-and-permissions).
* A user can be assigned to multiple projects.
  * Each project is owned by one organisation.
  * A user can be invited to projects that belong to multiple organisations.
* A user can be part of multiple organisations.
  * To invite a *new* user to a new organisation, use the user management module.
  * To invite an *existing* user to a new organisation, please open a support ticket at <support@metamaze.eu>. (Inviting existing users will be released soon.)
  * A user can see all document types of all the organisations they have access to.

### Permissions assigned to an organisation

Organisations are separate, top-level entities that contain:

* users
* projects
* document types (owned)
* document types (shared by another organisation)

### Who can see which documents?

> Let's consider a project `Pet identification` under the organisation `Pete's Pet Shop`. Let's say this project contains documents of a document type `PetCard`, which is managed by a different organisation `Pet Pal Industries` and shared with `Pete's Pet Shop`.

Every document belongs to exactly one project and exactly one document type. A user only ever has access to a document when they have access to the project that contains that document.

In the **Projects view**, users that have been added to the project can see all documents, regardless of document type. Users only have access to documents when they have been added to the project containing that document. This includes:

* users that are part of `Pete's Pet Shop`, the organisation that manages the project
  * only if they have access to the project
* all users that are part of the organisation `Pet Pal Industries`
  * only if they have access to the project
* users that are part of a different organisation
  * only if they have access to the project

In the **Document Type view**, access to documents depends on the level of access a user has per project. The Document Type view only contains data that was uploaded directly to training, or sent to training from production. Production data that was not sent to training is not visible in the Document Type view.

Because access to documents is managed on the project level, users can only perform annotation or review tasks on documents that belong to projects they have access to.
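
The rules above as a small Python model, added here as an illustration and not Metamaze's own code. Class names, field names and the sample users are assumptions, and the Document Type view check encodes only the two conditions this page states (training data, project access).

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Document:
    name: str
    project: str        # every document belongs to exactly one project
    document_type: str  # ... and to exactly one document type
    in_training: bool   # uploaded to training, or sent there from production

@dataclass
class User:
    name: str
    organisations: set = field(default_factory=set)
    projects: set = field(default_factory=set)  # projects the user was added to

def visible_in_projects_view(user, doc):
    # Project membership is the only gate; the user's organisations and the
    # owner of the document type play no part in the decision.
    return doc.project in user.projects

def visible_in_document_type_view(user, doc):
    # Only training data appears here, and project access still applies.
    return doc.in_training and doc.project in user.projects

# Constructed sample data based on the page's example.
PROJECT = "Pet identification"
DOCS = [
    Document("card-001", PROJECT, "PetCard", in_training=True),
    Document("card-002", PROJECT, "PetCard", in_training=False),  # production only
]
USERS = [
    User("alice", {"Pete's Pet Shop"}, {PROJECT}),   # project org, added
    User("bob", {"Pete's Pet Shop"}),                # project org, not added
    User("carol", {"Pet Pal Industries"}),           # document type org, not added
    User("dave", {"Other Org"}, {PROJECT}),          # outside org, invited
]

def access_matrix(users=USERS, docs=DOCS):
    """Map each user name to the document names visible in each view."""
    return {
        u.name: {
            "projects": [d.name for d in docs if visible_in_projects_view(u, d)],
            "document_type": [d.name for d in docs if visible_in_document_type_view(u, d)],
        }
        for u in users
    }

if __name__ == "__main__":
    for name, views in access_matrix().items():
        print(f"{name:6} projects={views['projects']} document_type={views['document_type']}")
```

In this model `carol` sees no documents even though her organisation manages `PetCard`, while `dave` sees them from outside both organisations because he was added to the project.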
