> ## Documentation Index
> Fetch the complete documentation index at: https://docs.domino.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Roles and security

Governance uses role-based access to control who can create policies, submit evidence, and approve bundles. Governance introduces one new Domino Global Role: **GovernanceAdmin**. For the remaining roles, Governance relies on existing project roles.

## GovernanceAdmin

**Governance Administrators** create, edit, and publish policies. They also have access to compliance views, audit trail, and Governance APIs. SysAdmins automatically have GovernanceAdmin permissions. All other users must be explicitly assigned the role.

## Project-based roles

The following roles are based on existing Domino project permissions:

* **Practitioners** are existing Domino users who gain access to governed bundles through their project permissions. They create bundles, add artifacts and evidence, and submit bundles for review. Practitioners can’t create policies or approve stages.

* **Approvers** review evidence and approve bundles at designated stages. When a practitioner requests a review, the approver receives a task assignment. Approvers can also create findings to document issues and track resolution. Any user listed in a policy or organization as an approver gains consumer-level access to projects with governed bundles.

## Assign the GovernanceAdmin role

To grant the **GovernanceAdmin** role:

1. In the Admin portal, go to **Manage Resources** > **Users**.

2. Select the user to update and click **Edit**.

3. Select **GovernanceAdmin (Admin role for Governance)** from the list of roles, then click **Save**.

## Role permissions summary

The following table summarizes what each role can do in Governance:

| Permission                  | Practitioner | Approver | GovernanceAdmin |
| --------------------------- | ------------ | -------- | --------------- |
| Create governed bundles     | Yes          | No       | Yes             |
| Add evidence and artifacts  | Yes          | Yes      | Yes             |
| Submit bundles for review   | Yes          | No       | Yes             |
| Review and approve stages   | No           | Yes      | Yes             |
| Create findings             | Yes          | Yes      | Yes             |
| Create and publish policies | No           | No       | Yes             |
| Access Governance APIs      | Yes          | No       | Yes             |

## Next steps

* [Work with bundles](/cloud/platform-capabilities/features/governance/work-with-bundles): package models and artifacts for review

* [Review and approve bundles](/cloud/platform-capabilities/features/governance/work-with-bundles/review-bundles): submit bundles for formal approval

* [Define policies](/cloud/platform-capabilities/features/governance/define-governance-policies): create and configure policies (for Governance administrators)

* [Audit Trail](/cloud/platform-capabilities/features/governance/audit-trail): review a log of user and system actions across the platform
