# prefect-community

Jeff Brainerd

04/14/2020, 2:50 PM
Hello Prefect team — I’m looking for documentation that details the permissions that each type of cloud user has (admin, user, restricted), as well as permissions for API tokens. For example, what types of users can start or cancel a flow, both via the UI and API? Thanks! 🙏

Kyle Moon-Wright

04/14/2020, 3:31 PM
Hey Jeff, This is a great question, and we’ve made an issue to make this breakdown more visible. The permissions operate in the following way: • RESTRICTED users are read only, cannot perform any actions. • USERS can perform any action that doesn’t affect other users (i.e. run flows, state changes, etc.), they have the full experience of workflow interaction, but do not manage the team in any way. • TENANT ADMIN can perform any action, manage the team, and are all powerful… More information on API Token scope can be found here:

Jeff Brainerd

04/14/2020, 3:32 PM
thanks Kyle, that is super helpful!
👍 1