# Assign Roles to Members

**ID:** ORG-003
**Priority:** High
**Status:** Planned

## User Story
As an organization owner, I want to assign different roles to team members so that I can control what each person can access and do within the organization.

## Acceptance Criteria
- [ ] Owner can create custom roles for the organization
- [ ] Default roles: Owner, Admin, Member, Viewer
- [ ] Each role has configurable permissions
- [ ] Owner can assign/change roles for any member
- [ ] Role changes take effect immediately
- [ ] Members can view their own role and permissions
- [ ] Audit log for role changes
- [ ] At least one Owner must exist at all times

## Technical Notes
- RoleManager exists with basic role infrastructure
- `getRolesAndOrganizationsForUserId` endpoint available
- Need to expand Role model with permissions array
- Consider permission inheritance (Admin inherits Member permissions)
- JWT claims should include role for authorization

## Related TODOs
- Partial implementation exists in RoleManager