seqeralabs · justinegeffen · Jul 10, 2025 · Jul 1, 2025 · Jul 3, 2025 · Jul 3, 2025
diff --git a/platform-cloud/docs/orgs-and-teams/roles.md b/platform-cloud/docs/orgs-and-teams/roles.md
@@ -1,7 +1,8 @@
 ---
 title: "User roles"
 description: "Understand the various roles in Seqera Platform."
-date: "10 Jun 2024"
+date created: "2024-06-10"
+last updated: "2025-07-03"
 tags: [roles, user-roles]
 ---
 
@@ -13,11 +14,27 @@ You can group **members** and **collaborators** into **teams** and apply a role
 
 ### Organization user roles
 
-- **Owner**: After an organization is created, the user who created the organization is the default owner of that organization. Aditional users can be assigned as organization owners. Owners have full read/write access to modify members, teams, collaborators, and settings within an organization.
+- **Owner**: After an organization is created, the user who created the organization is the default owner of that organization. Additional users can be assigned as organization owners. Owners have full read/write access to modify members, teams, collaborators, and settings within an organization.
 - **Member**: A member is a user who is internal to the organization. Members have an organization role and can operate in one or more organization workspaces. In each workspace, members have a participant role that defines the permissions granted to them within that workspace.
 
+### Role inheritance
+
+If a user is concurrently assigned to a workspace as both a named **participant** and member of a **team**, Seqera assigns the higher of the two privilege sets.
+
+Example:
+
+- If the participant role is Launch and the team role is Admin, the user will have Admin rights.
+- If the participant role is Admin and the team role is Launch, the user will have Admin rights.
+- If the participant role is Launch and the team role is Launch, the user will have Launch rights.
+
+As a best practice, use teams as the primary vehicle for assigning rights within a workspace and only add named participants when one-off privilege escalations are necessary.
+
 ### Workspace participant roles
 
+:::note
+Workspace participants with any role can leave the workspace, i.e., remove themselves as a workspace participant. However, only workspace owners and admins can add or remove workspace participants other than themselves. 
+:::
+
 | Permission / Role                          | Owner | Admin | Maintain | Launch | Connect | View |
 |--------------------------------------------|:-------:|:-------:|:----------:|:--------:|:---------:|:------:|
 | **Organization: Settings:** Add, edit, delete        | ✅     | ❌     | ❌       | ❌     | ❌      | ❌   |
@@ -62,19 +79,3 @@ You can group **members** and **collaborators** into **teams** and apply a role
 | **Workspace: Studios:** Add as new (duplicate studio)                        | ✅     | ✅     | ✅        | ❌     | ❌      | ❌   |
 | **Workspace: Studios: Checkpoints:** Edit studio checkpoint name                        | ✅     | ✅     | ✅        | ❌     | ❌      | ❌   |
 | **Workspace:** View (read-only) resources         | ✅     | ✅     | ✅        | ✅     | ✅       | ✅    |
-
-:::note
-Workspace participants with any role can leave the workspace, i.e., remove themselves as a workspace participant. However, only workspace owners and admins can add or remove workspace participants other than themselves. 
-:::
-
-### Role inheritance
-
-If a user is concurrently assigned to a workspace as both a named **participant** and member of a **team**, Seqera assigns the higher of the two privilege sets.
-
-Example:
-
-- If the participant role is Launch and the team role is Admin, the user will have Admin rights.
-- If the participant role is Admin and the team role is Launch, the user will have Admin rights.
-- If the participant role is Launch and the team role is Launch, the user will have Launch rights.
-
-As a best practice, use teams as the primary vehicle for assigning rights within a workspace and only add named participants when one-off privilege escalations are deemed necessary.