This article outlines the permissions that can be added to a role. There are 3 main access levels for each permission: 

• Manager: Can create, update, and delete items
• Developer: Can deploy environments
• Read Only: Has view-only access

Create

• Solutions: Gives access to the Solution configurations for your instance
• App Customization: Allows users to customize app settings and design
• Forms: Gives access to Forms for your instance. This permission requires at least Read Only Integrations permissions to set up some submission events, and at least Read Only API Hosting permissions to set up the "Webhook: Hosted API" submission event. 
• Apps: Gives access to applications for your instance
• App Users: Allows users to manage or view app users and SAML configurations
• Submission Data: Gives access to Submission Data for forms

Advanced

• Environments: Gives access to the Environments for your instance
• Option Sets: Allows users to manage or view Option Sets
• Email Templates: Gives access to Email Templates
• Web/CDN Hosting: Allows users to manage or view Web/CDN Hosting and deploy environments
• Scheduling, Integrations & Development Keys: Gives access to the scheduling, integrations, and developer keys functions of your instance
• Lookups: Allows users to manage or view Lookups
• API Hosting: Allows users to manage or view Hosted APIs and deploy environments

Administration

• Retention Policies: Allows users to manage or view data retention policies, data manager form selection
  • Note: We recommend only giving Manager access for this permission to the Owner role. 
• Team Members: Gives access to Team Members for the instance
• Auditing: Allows users to view Audit records
• Roles: Allows users to manage or view Roles
  • Note: We recommend only giving Manager access for this permission to the Owner role. 
• Billing: Gives access to available billing solutions

Resources

• Roles Overview
• Assign a Role to a Team Member