# Certn API Documentation - User Roles

> Source: https://centric-api-docs.certn.co/#user-roles
> Interactive docs: https://centric-api-docs.certn.co/#user-roles

## User Roles

Each Client Portal User belongs to a single role. The role determines what they can see and do across the account, in both the Client Portal UI and the API. Use this guide as a reference when inviting Users via `POST /api/public/users/` or updating their role via `PATCH /api/public/users/{id}/`.

All roles below exist in the Client Portal. To prevent customers from accidentally creating accounts with full administrative access, the `ADMIN` role is intentionally **not assignable via the API** — it can only be granted from the Client Portal UI by an existing Admin.

### Role reference

The following roles can appear on Users returned by the API. The `API Assignable` column indicates whether the role can be set via `POST /api/public/users/` or `PATCH /api/public/users/{id}/`.

| Role | API Assignable | Description |
|------|----------------|-------------|
| `ADMIN` | No | Full access to all functionalities across regions within the account. Can see and manage almost anything. Must be granted from the Client Portal UI; cannot be assigned via the API. |
| `MANAGER` | Yes | Manage details within assigned groups, along with additional features such as tag management and check settings. Cannot view or manage groups they are not invited to. |
| `CONTRIBUTOR` | Yes | Order and review cases within assigned groups. Cannot manage user access to groups, view invoices, or make adjudication decisions on other users' cases. |
| `BILLING` | Yes | View and manage invoices, billing profiles, payments, and export data. Cannot order or manage cases. |
| `REQUESTOR` | Yes | Initiate checks and track progress without accessing sensitive report data. Can order checks and view case status, but cannot view reports or scores. A reviewer must be assigned to review reports and make the final decision. |

> Sending a non-assignable role (such as `ADMIN`) to `POST /api/public/users/` or `PATCH /api/public/users/{id}/` returns a `400 Bad Request` with a `validation_error` indicating that the role is not a valid choice.
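
One way to keep provisioning automation inside these rules is to plan role changes before calling the API. This is an added example, not code from the Certn documentation: the `id`, `email` and `role` field names and the sample users are assumptions constructed for illustration. It emits `POST`/`PATCH` calls only for API-assignable roles, routes `ADMIN` grants to a manual Client Portal step, and lists existing `ADMIN` users that the desired state does not account for.

```python
# Added example: the field names "id", "email" and "role" are assumptions,
# not taken from the Certn API schema. All sample data is constructed.
API_ASSIGNABLE = {"MANAGER", "CONTRIBUTOR", "BILLING", "REQUESTOR"}
UI_ONLY = {"ADMIN"}


def plan_role_changes(current_users, desired_roles):
    """Return (api_calls, manual_steps, unexpected_admins) for a desired state."""
    by_email = {u["email"].lower(): u for u in current_users}
    api_calls, manual_steps = [], []
    wanted = {e.lower(): r.upper() for e, r in desired_roles.items()}
    for email, role in sorted(wanted.items()):
        if role not in API_ASSIGNABLE | UI_ONLY:
            raise ValueError(f"unknown role {role!r} for {email}")
        user = by_email.get(email)
        if user is not None and user["role"] == role:
            continue  # already in the desired state
        if role in UI_ONLY:
            # The API answers 400 validation_error here; grant it in the UI.
            manual_steps.append((email, role))
        elif user is None:
            api_calls.append(("POST", "/api/public/users/",
                              {"email": email, "role": role}))
        else:
            api_calls.append(("PATCH", f"/api/public/users/{user['id']}/",
                              {"role": role}))
    # ADMIN is granted only from the UI, so an ADMIN missing from the
    # desired state was created outside this automation and needs review.
    unexpected_admins = sorted(
        e for e, u in by_email.items()
        if u["role"] == "ADMIN" and wanted.get(e) != "ADMIN")
    return api_calls, manual_steps, unexpected_admins


CURRENT_USERS = [  # constructed sample, shaped like a user list response
    {"id": "u-1", "email": "alice@example.com", "role": "ADMIN"},
    {"id": "u-2", "email": "bob@example.com", "role": "CONTRIBUTOR"},
    {"id": "u-3", "email": "eve@example.com", "role": "ADMIN"},
]
DESIRED = {  # constructed desired state: email -> role
    "alice@example.com": "ADMIN",
    "bob@example.com": "REQUESTOR",
    "carol@example.com": "BILLING",
    "dave@example.com": "ADMIN",
}

if __name__ == "__main__":
    for part in plan_role_changes(CURRENT_USERS, DESIRED):
        print(part)
```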

---

## Additional Resources

- [Interactive Documentation](https://centric-api-docs.certn.co)
- [OpenAPI Specification](https://centric-api-docs.certn.co/openapi.yaml)
- [All Reference Docs](https://centric-api-docs.certn.co/reference/)

*Generated from Certn API Documentation*