# Project-level access control > :::note Any changes made can take up to 15 minutes to reflect. ::: :::note Any changes made can take up to 15 minutes to reflect. ::: ## Overview To better protect sensitive business data stored as training or evaluation datasets, you can set up access control based on your roles. You can set up permissions for both groups or users for the following pages: * At tenant level: + Project: everyone can access their project, but only users with `Read` permissions on project-level can view projects they are not part of. + Licenses: read-only. + Users: roles can be managed from specific page. + Roles: you can create roles for users. * At project level: + Dataset + Pipelines + Data Labeling + ML Packages + ML Skills + ML Logs (read-only) + Settings: user management at project level ### Default roles The following roles and permissions are created by default for **AI Center**: * Administrator: all permissions granted * Tenant administrator: + Project: create, read, update, and delete + Licenses: read-only + Users: create, read, update, and delete + Roles: create, read, update, and delete + Profiles: read-only * Project creator: + Project: create and update + Profile: read-only * Data scientist: + Dataset: create, read, update, and delete + Pipelines: create, read, update, and delete + Data Labeling: create, read, update, and delete + ML Packages: create, read, update, and delete + ML Skills: create, read, update, and delete + ML Logs: read-only * Project administrator: + Dataset: create, read, update, and delete + Pipelines: create, read, update, and delete + Data Labeling: create, read, update, and delete + ML Packages: create, read, update, and delete + ML Skills: create, read, update, and delete + ML Logs: read-only + Settings: create, read, update, and delete * All-projects administrator: + Project: read + Dataset: create, read, update, and delete + Pipelines: create, read, update, and delete + Data Labeling: create, read, update, and delete + ML Packages: create, read, update, and delete + ML Skills: create, read, update, and delete + ML Logs: read-only + Settings: create, read, update, and delete :::note The **All-Projects administrator** role is only available on tenants created starting with April 2024. Users with this role can access all existing projects and have full permissions within these projects. ::: * Users manager: + Settings: create, read, update, and delete ## Default group and role assignments By default, group and role assignments are assigned when provisioning a tenant and when creating a new project. The following default groups and roles are assigned when provisioning a tenant: * The **Administrator** group is added to all **AI Center** tenants with the **Administrator** role. * The **Automation Developer** group is added to all **AI Center** tenants with the **Project Creator** role. * The **Automation User** group is added to all **AI Center** tenants with no role. * The **Everyone** group is added with no role. The following default groups and roles are assigned when creating a new project: * The **Project Creator** is added to the project with the **Project Administrator** role. * The **Administrator** group is added with the **Users Manager** role. Additionally, if the project creator decided not to restrict user access while creating the project, the **Everyone** group is added with the **Data Scientist** role. ## Profile page The profile page displays two tables with permissions information on two levels: * Tenant level * Project level The tenant table is static, only displaying permissions at tenant level. In the project table you can view permissions at project level, choosing the project you are interested in from the drop-down list. You can also search for a project by typing in the drop-down field. ![Screenshot including the Profile page in UiPath AI Center.](https://dev-assets.cms.uipath.com/assets/images/ai-center/ai-center-screenshot-including-the-profile-page-in-uipath-ai-center-109684-cb278c95-bc7776fa.webp) ## Restricting access to an existing project To restrict or unrestrict access to an existing project, use the following procedure. 1. Log in to **UiPath® AI Center**. 2. Select the three dots button on a project card and choose **Edit** from the drop-down menu. ![Screenshot including the Edit button in UiPath AI Center.](https://dev-assets.cms.uipath.com/assets/images/ai-center/ai-center-screenshot-including-the-edit-button-in-uipath-ai-center-109153-afe4825b-7ebcc192.webp) 3. In the **Edit project** page, turn on the **Restrict access** toggle. ![Screenshot including the Restrict access button in UiPath AI Center.](https://dev-assets.cms.uipath.com/assets/images/ai-center/ai-center-screenshot-including-the-restrict-access-button-in-uipath-ai-center-450390-8f866a71-a16cadea.webp) 4. Go to the **User Management** page in your project. ![Screenshot including the Settings button in UiPath AI Center.](https://dev-assets.cms.uipath.com/assets/images/ai-center/ai-center-screenshot-including-the-settings-button-in-uipath-ai-center-450394-c69cbf2a-c622eca6.webp) 5. Select the three dots button next to a user or a group to edit the user assignment or select **Assign** to assign a new user with the desired role. 6. Select the desired role for the user from the drop-down list. ![Screenshot including the selected roles list in UiPath AI Center.](https://dev-assets.cms.uipath.com/assets/images/ai-center/ai-center-screenshot-including-the-selected-roles-list-in-uipath-ai-center-450400-f8b64a50-1a467e76.webp) 7. If you want to add a new user or group, select **Assign** in the **User Management** page. 8. To delete a user or a group, select the three dots button next to a user or a group and choose **Delete** from the drop-down list. ![Screenshot including the Delete button in UiPath AI Center, User Management page.](https://dev-assets.cms.uipath.com/assets/images/ai-center/ai-center-screenshot-including-the-delete-button-in-uipath-ai-center-user-management-page-450404-3b6c300b-bd7f1439.webp) :::note When deleting a user, only the roles are removed from the list. The username is still displayed in the list, even though it has no roles assigned. :::