# Flow Navigation & Organization

## Understanding Organizations, Projects, and Access Control
Spacelift Flows uses a hierarchical structure for access control and project management:


```
Organization (Top Level)
├── Project A
│   ├── Flow 1
│   ├── Flow 2
│   └── App Installations
└── Project B
    ├── Flow 3
    └── App Installations
```

### Organizations
The top-level entity containing all projects, users, and teams.

![Organization Overview](/images/organization.png)

### Projects
Containers within organizations that group related flows and app installations:

 - Users get access on a per-project basis
 - Each project contains multiple flows
 - Projects have their own app installations
 - You can have multiple app installations for the same app (e.g., separate AWS installations for different regions)

#### Projects Overview
![Projects Overview](/images/flows.png)

#### Installations Overview
![Installations Overview](/images/installations.png)

#### Registry Overview
![Registry Overview](/images/registry.png)

### Access Control
Spacelift Flows uses two-tier access control:

#### Organization-Level Access
Users must first be added to the organization:

 - Organization membership is required for platform access
 - Users receive invitations to join
 - No access to any resources without organization membership

![Organization Membership](/images/organization-membership.png)

#### Project-Level Permissions
Once in the organization, users get specific project permissions:

 - Control which team members access specific projects
 - Isolate different environments or business units
 - Manage permissions granularly across automation workflows

![Project Membership](/images/project-membership.png)

#### Role Descriptions
 - **Viewer**: Can view flows in a project
 - **Editor**: Can edit flows in a project and manage app installations
 - **Admin**: Can manage users in a project and create custom apps
 - **Organization Admin**: Can manage the entire organization including projects, registry subscriptions, and agent pools

#### Adding New Users
**Step 1: Ensure Organization Membership** If the user doesn’t exist in your organization:

 1. Click the avatar in the top-left corner, then click ‘Organization’
 1. Go to ‘Users’ and click ‘+ Invite Users’
 1. Enter the user’s email address to send the invitation

**Step 2: Grant Project Access** Once the user is in the organization:

 1. Navigate to the specific project
 1. Click ‘Membership’ in the left panel
 1. Click ‘+ Add members’
 1. Select user(s) and assign a role
 1. Confirm changes

#### Team Access
After users are added to the organization, you can organize them into teams for easier project access management:

 1. Click the avatar in the top-left corner, then click ‘Organization’
 1. Go to the ‘Teams’ tab and click ‘+ New team’
 1. Name the team and assign team users
 1. Once the team is created, you can add the entire team to any project the same way you would add individual users