# Manage instance-level user access roles

You can control access on two different levels:

1. **Assign user roles** - defining a user's role assigns them a fixed set of permissions. For example - assigning your colleague as Admin
2. **Customize your instance-level user roles** - the **Roles** page also lets you set the permissions for each role. For example, disable `scenario edit` for the `External developer` role so users with this role cannot make changes to scenarios.