JetBrains Central Console eap Help

Roles

Access in JetBrains Central Console is role-based. Every role is some combination of permissions that define what this role can do. You can either use default roles or create a new one and then assign it to principals: users, groups, and service accounts.

Create roles

  1. In the sidebar, under Users and access, select Roles.

    If you don't see this page, your role doesn't have the necessary permissions.

  2. In the top-right corner of the Roles page, click New role.

  3. In the New role dialog, enter a name for the role.

  4. Under Scope, select the scope where the permissions of this role should apply: Organization or Groups.

  5. Define the set of permissions for this role.

  6. Click Create.

Edit roles

  1. In the sidebar, under Users and access, select Roles.

    If you don't see this page, your role doesn't have the necessary permissions.

  2. Click the permissions assigned to the role.

    Alternatively, click ... next to the role and select Edit role.

  3. In the Edit role dialog, edit the permissions and the name of the role.

  4. Click Save changes to apply.

Delete roles

  1. In the sidebar, under Users and access, select Roles.

    If you don't see this page, your role doesn't have the necessary permissions.

  2. Click ... next to the role and select Delete role.

  3. Confirm deletion.

Assign roles

You can assign roles to principals: users, groups, and service accounts. Assigning a role adds permissions that this role includes.

For information about assigning roles, see:

    Permissions

    Permissions define which sections of the UI the role has access to.

    * Read-only access.

    Manage organization

    Allows managing everything in JetBrains Central Console.

    Only the Org admin has this permission by default.

    View organization members

    Allows viewing information about users, groups, roles, and service accounts.

    Only the Org viewer has this permission by default.

    Manage AI settings

    Allows managing AI settings, providers, policies, and agents.

    Only the AI admin has this permission by default.

    View AI settings

    Allows viewing AI settings, providers, policies, and agents.

    The following default roles have this permission by default:

    Manage AI access

    Allows managing AI access.

    Only the AI admin has this permission by default.

    View AI access

    Allows viewing AI access.

    The following default roles have this permission by default:

    View AI analytics

    Allows viewing AI analytics.

    The following default roles have this permission by default:

    Manage licensing and billing

    Allows purchasing and assigning licenses, managing billing, teams, contacts, and global org settings. Also allows viewing information about users, groups, and roles.

    Only the Licensing and billing manager has this permission by default.

    Manage purchases

    Allows purchasing licenses, managing billing, viewing teams and global org settings.

    The following default roles have this permission by default:

    View licenses

    Allows viewing licenses, teams, and global org settings.

    The following default roles have this permission by default:

    Default roles

    JetBrains Central Console defines several default roles.

    Org admin

    A primary organization admin role with management access to everything.

    Default permissions:

    Org viewer

    A role with read-only access to most pages in JetBrains Central Console.

    Default permissions:

    AI admin

    A role with management access to AI-related pages.

    Default permissions:

    AI viewer

    A role with read-only access to AI-related pages.

    Default permissions:

    AI analytics viewer

    A role with access only to AI analytics.

    Default permissions:

    Licensing and billing manager

    A role with management access to licensing and billing – not only purchasing licenses but also assigning them.

    Default permissions:

    Purchase manager

    A role for license procurement – purchasing licenses but not assigning them.

    Default permissions:

    License viewer

    A role for read-only billing oversight.

    Default permissions:

    Role scopes

    Every role has a scope that determines where its permissions apply.

    • Organization for roles with permissions that should apply across the entire organization.

    • Groups for roles with permissions that should apply only within a specific group. For example, a team lead can have group-scoped permissions to manage AI access for their group's members only.

    Not all permissions support group scopes. A role scoped to groups can only have the following permissions:

    Team admin

    This is a special role for users who manage licenses and orders within a team. Team admins don't have visibility into or control over other teams or organization-wide settings.

    Team admins can:

    • Assign and revoke licenses from the team's pool.

    • Purchase or upgrade licenses for the team.

    • Invite other team admins to manage the same team.

    You can get the team admin role automatically when purchasing licenses or by invitation from an org admin or another team admin.

    • Purchasing new licenses does not grant you the org admin role for an existing organization if another person previously purchased licenses for that organization. Instead, your purchased licenses will form a new team, and you will receive the team admin role.

    • Org admins and team admins can invite you to become a team admin for a specific team. For more information, see Add or remove team admins.

    03 July 2026