# Roles and Permissions > \[!CAUTION] > > Programmable Chat has been deprecated and is no longer supported. Instead, we'll be focusing on the next generation of chat: Twilio Conversations. Find out more about the [EOL process here](https://www.twilio.com/en-us/changelog/programmable-chat-end-of-life-notice). > > If you're starting a new project, please visit the [Conversations Docs](/docs/conversations) to begin. If you've already built on Programmable Chat, please visit our [Migration Guide](/docs/conversations/migrating-chat-conversations) to learn about how to switch. The Programmable Chat Permission model uses `Roles` and `Permissions` to enforce what Users and Members can do within a Service instance. These permissions are related to `Channels`, `Members`, and `Messages`. Roles and their associated permissions can be edited and extended on a per Service instance basis to meet the needs of different use cases. **Table of Contents** * [Roles and Role Scopes](#role-scopes) * [Default Roles and Permissions](#default-roles-permissions) * [Managing Roles and Permissions](#managing-roles-permissions) ## Roles and Role Scopes \[#role-scopes] *Chat Roles* are divided into two "Scopes," Service and Channel. These determine how the Role permissions are applied depending on the context. * *Service level Roles* are assigned to Users and dictate which Channels the User can see, join, and create. * *Channel level Roles* are assigned to Members within a Channel. These roles determine what Members can do within that Channel, such as send Messages, add other Members, edit Messages and more. *Permissions* are enforced at runtime based on the action being performed and whether the User/Member's Role has the required Permissions. If they do, the action is allowed and will be processed. If not, the action will be disallowed, and an error message will be returned to the requesting endpoint (usually a 403 Permission Denied error). `Note:` Chat Service instances are created with a default set of Roles and Permissions. You can modify and extend these Roles and their assigned Permissions via the REST API. ## Default Roles and Permissions \[#default-roles-permissions] When a new Chat Service instance is created, the following default Roles are created with the assigned set of Permissions: **Role**: **Service Admin** **Type**: **deployment** **Permissions**: * createChannel * joinChannel * destroyChannel * editChannelAttributes * editChannelName * addMember * inviteMember * removeMember * editAnyMemberAttributes * editAnyMessage * deleteAnyMessage * editAnyMessageAttributes * editAnyUserInfo **Role**: **Service User (Default Service User Role)** **Type**: deployment **Permissions**: * createChannel * editOwnUserInfo * joinChannel **Role**: **Channel Admin** **Type**: channel **Permissions**: * addMember * deleteAnyMessage * destroyChannel * editAnyMessage * editAnyMessageAttributes * editAnyMemberAttributes * editChannelAttributes * editChannelName * editNotificationLevel * inviteMember * leaveChannel * removeMember * sendMediaMessage * sendMessage **Role**: **Channel User (Default Channel Member Role)** **Type**: channel **Permissions**: * deleteOwnMessage * editOwnMessage * editOwnMessageAttributes * editOwnMemberAttributes * leaveChannel * sendMediaMessage * sendMessage * editNotificationLevel ## Manage Roles and Permissions \[#managing-roles-permissions] It is possible to manage Roles within a Service instance, create new ones, modify Permissions for a Role, and more via the Roles REST endpoint. The following roles and permissions management best practices will help you to setup needed roles for the newly created or invited users. * When you [create a User](/docs/chat/rest/user-resource) you must pick a **Service Role**, if you have not created your own Service Role, you must choose whether they are a Service User, or a Service Admin. * When you [invite a User](/docs/chat/rest/invite-resource) to a Channel, they become a member and the **Channel Role** they receive is an optional parameter in the invite. Alternatively, you can add the optional Channel Role while Creating a Channel Member by [adding the member](/docs/chat/rest/member-resource) using the Identity of the User. You can also [create your own Service and Channel Roles](/docs/chat/rest/role-resource) if the defaults do not suit you. **We recommend leaving the default roles untouched**. To see the full list of permissions available please follow [this link](/docs/chat/rest/role-resource). You can find more information on how to do this in our [Programmable Chat Roles REST Resource](/docs/chat/rest/role-resource) *`Note:` While it is possible to delete the default Roles, it is not advisable, as any Users and Members created before the delete will reference the Default Role SIDs. Instead, modify these roles and reuse them, adding new Roles as needed.* ## Modifying Permissions in the Twilio Console ### Adding or Removing Permissions To add or remove permissions, first select the Chat Service which you would like to modify. Click the Chat heading in the left sidebar, then click **Manage**. You will then see the **Services** menu option, give it a click. Once on the "Chat Services" page select the name of the Chat service you want to edit. ![Chat Services page with 'First Chat' and 'Default Conversations Service' listed.](https://docs-resources.prod.twilio.com/99541f5e327c03278dcbaefe4efee90700415b6f7b29cf4066246f418ecd26d5.png) Click **Roles and Permissions** in the side navigation menu and select the "deployment" role. ![Twilio console showing roles like service user and channel admin with type deployment or channel.](https://docs-resources.prod.twilio.com/91711bd4fcddb8dea407eb5dd576107140671ef303ef4eb87b3a0674da681b48.png) From here, you can add and remove permissions as needed. ![Roles and Permissions page with 'editAnyMessage' permission checked.](https://docs-resources.prod.twilio.com/fe92843f3396c79a76906db382416f8eb714ea6396fb8a01d4bc985dba5ccd70.png) ### Adding or Removing Permissions for a Specific User From the page of the individual Chat service you'd like to modify, click **Users** and search for a specific user identity from your list of users, and click the Identity name once found. ![Twilio chat user list with search bar and user details including identity, SID, and creation date.](https://docs-resources.prod.twilio.com/61637291d586d4f607b109820a169a01708805fa14adfddfbf756d3d5d65ef53.png) You can now adjust the role for that user by selecting either **"service user"** or **"service admin"**. ![Twilio user properties screen showing identity, role, and date updated.](https://docs-resources.prod.twilio.com/7aaf94f30955335a4e7c0dc01ecd8baba73c45a91addb43dc49fbe6162f75523.png) Next: [Typing Indicator](/docs/chat/typing-indicator)