2 changes: 1 addition & 1 deletion models/artifacts/download-and-use-an-artifact.mdx
Expand Up @@ -6,7 +6,7 @@ title: Download and use artifacts
Download and use an artifact that is already stored on the W&B server or construct an artifact object and pass it in to for de-duplication as necessary.

<Note>
Team members with view-only seats cannot download artifacts.
Team members with a Models **Viewer** seat cannot download artifacts.
</Note>


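Review bot: "Viewer" in the changed Note line now names a Models seat, but configure_registry.mdx in this same PR says a registry **Viewer** "can download files and use the artifact", so a reader who knows only the registry roles can read this Note as contradicting that page. Suggest linking "Models **Viewer** seat" to the seat table under "Assign or update a user's access" in manage-organization.mdx and stating that the seat is separate from the registry role. The unchanged intro sentence also reads "pass it in to for de-duplication", which is missing its object.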
4 changes: 2 additions & 2 deletions models/registry/aliases.mdx
Expand Up @@ -33,7 +33,7 @@ Create one or more custom aliases for a specific artifact versions based on your
- You might use aliases such as `dataset_version_v0`, `dataset_version_v1`, and `dataset_version_v2` to identify which dataset a model was trained on.
- You might use a `best_model` alias to keep track of the best performing artifact model version.

Any user with a [**Member** or **Admin** registry role](/models/registry/configure_registry/#registry-roles) on a registry can add or remove a custom alias from a linked artifact in that registry. Users with the [**Restricted Viewer** or **Viewer** roles](/models/registry/configure_registry/#registry-roles) cannot add or remove aliases.
Any user with a [**Member** or **Admin** registry role](/models/registry/configure_registry/#registry-roles) on a registry can add or remove a custom alias from a linked artifact in that registry. Users with the [**Restricted viewer** or **Viewer** roles](/models/registry/configure_registry/#registry-roles) cannot add or remove aliases.

<Note>
[Protected aliases](/models/registry/aliases/#protected-aliases) provide a way to label and identify which artifact versions to protect from modification or deletion.
Expand Down Expand Up @@ -88,7 +88,7 @@ with wandb.init(entity = "<team_entity>", project = "<project_name>") as run:
### Protected aliases
Use a [protected alias](/models/registry/aliases/#protected-aliases) to both label and identify artifact versions that should not be modified or deleted. For example, consider using a `production` protected alias to label and identify artifact versions that are in used in your organization's machine learning production pipeline.

[Registry admin](/models/registry/configure_registry/#registry-roles) users and [service accounts](/support/models/articles/what-is-a-service-account-and-why-is-it-) with the **Admin** role can create protected aliases and add or remove protected aliases from an artifact version. Users and service accounts with **Member**, **Viewer**, and **Restricted Viewer** roles cannot unlink a protected version or delete a collection that contains a protected alias. See [Configure registry access](/models/registry/configure_registry/) for details.
[Registry admin](/models/registry/configure_registry/#registry-roles) users and [service accounts](/support/models/articles/what-is-a-service-account-and-why-is-it-) with the **Admin** role can create protected aliases and add or remove protected aliases from an artifact version. Users and service accounts with **Member**, **Viewer**, and **Restricted viewer** roles cannot unlink a protected version or delete a collection that contains a protected alias. See [Configure registry access](/models/registry/configure_registry/) for details.

Common protected aliases include:

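Review bot: The second sentence of the changed paragraph still says "Users and service accounts with **Member**, **Viewer**, and **Restricted viewer** roles", while the footnote in configure_registry.mdx in this PR states that service accounts cannot have **Viewer** or **Restricted viewer** roles. Suggest scoping it, for example "Users with the Member, Viewer, or Restricted viewer role, and service accounts with the Member role". The paragraph also never says outright that non-admin roles cannot add or remove a protected alias; since that is the control being documented, state it explicitly. The context line above has "that are in used in".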
24 changes: 12 additions & 12 deletions models/registry/configure_registry.mdx
Expand Up @@ -39,7 +39,7 @@ Removing a user from a team also removes that user's access to the registry.

### Change the owner of a registry

A registry admin can designate any member as a registry's owner, including a **Restricted Viewer** or a **Viewer**. Registry ownership is primarily for accountability purposes and does not confer any additional permissions beyond those granted by the user's assigned role.
A registry admin can designate any member as a registry's owner, including a **Restricted viewer** or a **Viewer**. Registry ownership is primarily for accountability purposes and does not confer any additional permissions beyond those granted by the user's assigned role.

To change the owner:
1. Navigate to the W&B Registry at https://wandb.ai/registry/.
Expand Down Expand Up @@ -75,20 +75,20 @@ W&B automatically assigns a default **registry role** to a user or team when the

| Entity | Default registry role<br />(Dedicated Cloud / Self-Managed) | Default registry role<br />(Multi-tenant Cloud) |
|----------------------------------------|---------------------------------------------------------------------------|------------------------------------------------------------|
| Team | Restricted Viewer (Server v0.75.0+) <br />Viewer (Server v0.74.x and below) | Restricted Viewer |
| User or service account (non admin) | Restricted Viewer (Server v0.75.0+) <br />Viewer (Server v0.74.x and below) | Restricted Viewer |
| Team | Restricted viewer (Server v0.75.0+) <br />Viewer (Server v0.74.x and below) | Restricted viewer |
| User or service account (non admin) | Restricted viewer (Server v0.75.0+) <br />Viewer (Server v0.74.x and below) | Restricted viewer |
| Service account (non admin) | Member<sup><a href="#service_account_footnote">1</a></sup> | Member<sup><a href="#service_account_footnote">1</a></sup> |
| Org admin | Admin | Admin |

<a id="service_account_footnote">1</a>: Service accounts cannot have **Viewer** or **Restricted Viewer** roles.
<a id="service_account_footnote">1</a>: Service accounts cannot have **Viewer** or **Restricted viewer** roles.

A registry admin can assign or modify roles for users and teams in the registry.
See [Configure user roles in a registry](/models/registry/configure_registry/#configure-registry-roles) for more information.

### Role permissions
The following table lists each Registry role, along with the permissions provided by each role:

| Permission | Permission Group | Restricted Viewer<br />(Multi-tenant Cloud, by invitation) | Viewer | Member | Admin |
| Permission | Permission Group | Restricted viewer<br />(Multi-tenant Cloud, by invitation) | Viewer | Member | Admin |
|-----------------------------------------------------------------------------------------------------------------------|------------------|------------------------------------------------------------|:------:|:------:|:-----:|
| View a collection's details | Read | ✓ | ✓ | ✓ | ✓ |
| View a linked artifact's details | Read | ✓ | ✓ | ✓ | ✓ |
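Review bot: In the default-role table, the row "User or service account (non admin)" gives Restricted viewer as the default, but the next row gives non-admin service accounts Member, and footnote 1 says service accounts cannot have Viewer or Restricted viewer roles. Since the row is being edited anyway, rename it to "User (non admin)" so the table does not give two defaults for service accounts. The permissions table header also still labels the role "(Multi-tenant Cloud, by invitation)", which does not match the later statement that the role is GA and available on Dedicated Cloud and Self-Managed from Server v0.75.0.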
Expand Down Expand Up @@ -131,12 +131,12 @@ A user's effective role in a particular registry matches their _highest_ role am
- A registry **Viewer** with the **Member** role in the team is effectively a **Member** of the registry.
- A team **Viewer** with the **Member** role in a particular registry is effectively a **Member** of the registry.

### Restricted Viewer role details
The **Restricted Viewer** role is Generally Available (GA). For Dedicated Cloud and Self-Managed, Server v0.75.0 or newer is required.
### Restricted viewer role details
The **Restricted viewer** role is Generally Available (GA). For Dedicated Cloud and Self-Managed, Server v0.75.0 or newer is required.

This role provides read-only access to registry artifacts without the ability to create, update, or delete collections, automations, or other registry resources.

Unlike a **Viewer**, a **Restricted Viewer**:
Unlike a **Viewer**, a **Restricted viewer**:
- Cannot download artifact files or access file contents.
- Cannot use artifacts with `wandb.Run.use_artifact()` in the W&B SDK.

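Review bot: The unchanged sentence "This role provides read-only access to registry artifacts" sits directly above the list saying a Restricted viewer "Cannot download artifact files or access file contents". "Read-only" suggests file contents are readable; since this hunk is the role's definition, suggest "read-only access to artifact metadata", which matches the "limited to artifact metadata" wording used later in the file.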
Expand All @@ -146,11 +146,11 @@ Unlike a **Viewer**, a **Restricted Viewer**:

**SDK version requirement**

To use the W&B SDK to access artifacts as a **Restricted Viewer**, you must use W&B SDK version 0.19.9 or higher. Otherwise, some SDK commands will result in permission errors.
To use the W&B SDK to access artifacts as a **Restricted viewer**, you must use W&B SDK version 0.19.9 or higher. Otherwise, some SDK commands will result in permission errors.

</Note>

When a **Restricted Viewer** uses the SDK, certain functions are not available or work differently.
When a **Restricted viewer** uses the SDK, certain functions are not available or work differently.

The following methods are not available and result in permission errors:
- [`Run.use_artifact()`](/models/ref/python/experiments/run/#method-runuse_artifact)
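Review bot: The SDK version Note says that below 0.19.9 "some SDK commands will result in permission errors", and the paragraph right after it says the listed methods "result in permission errors" for a Restricted viewer, with no version qualifier. A reader who hits a permission error cannot tell from this whether to upgrade the SDK or request a different role. Suggest saying which errors the upgrade removes, or at least that the listed methods fail by design for this role.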
Expand All @@ -166,9 +166,9 @@ The following methods are limited to artifact metadata:

### Cross-registry permissions

A user can have different roles in different registries. For example, a user can be a **Restricted Viewer** in Registry A but a **Viewer** in Registry B. In this case:
A user can have different roles in different registries. For example, a user can be a **Restricted viewer** in Registry A but a **Viewer** in Registry B. In this case:

- The same artifact linked to both registries will have different access levels
- In Registry A, the user is a **Restricted Viewer** and cannot download files or use the artifact
- In Registry A, the user is a **Restricted viewer** and cannot download files or use the artifact
- In Registry B, the user is a **Viewer** and can download files and use the artifact
- In other words, access is determined by the registry in which the artifact is accessed
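Review bot: The bullets imply, but never state, the consequence an admin needs: assigning **Restricted viewer** in Registry A does not keep a user from the files of an artifact that is also linked to Registry B where they hold **Viewer**. Suggest adding a sentence telling admins to check every registry an artifact is linked to before relying on Restricted viewer to withhold file contents.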
42 changes: 20 additions & 22 deletions platform/hosting/iam/access-management/manage-organization.mdx
Expand Up @@ -51,8 +51,8 @@ The following table summarizes how seats work for Models and Weave:

| Product | Seats | Cost based on |
| ----- | ----- | ----- |
| Models | Pay per set | How many Models paid seats you have and how much usage you've accrued determines your overall subscription cost. You can assign each user one of three available seat types: Full, Viewer, or No-Access. |
| Weave | Free | Usage based |
| Models | Pay per set | How many Models paid seats you have, and how much usage youve accrued determines your overall subscription cost. Each user can be assigned one of the three available seat types: Full, Viewer, and No access |
| Weave | Free | Usage based |

### Invite a user

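Review bot: The new Models row introduces "youve" (missing apostrophe), puts a comma inside the compound subject ("you have, and how much"), drops the final period, and switches to the passive "Each user can be assigned" where the replaced line used "You can assign". The Seats cell "Pay per set" also looks like a typo for "Pay per seat" and is worth fixing while the row is open.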
Expand All @@ -64,8 +64,8 @@ Admins can invite users to their organization, as well as to specific teams with
2. In the upper right corner of the page, select the **User menu** dropdown. Within the **Account** section of the dropdown, select **Users**.
3. Select **Invite new user**.
4. In the modal that appears, provide the email or username of the user in the **Email or username** field.
5. Optional: Add the user to a team from the **Choose teams** dropdown menu.
6. From the **Select role** dropdown, select the role to assign to the user. You can change the user's role later. See the table listed in [Assign a role](#assign-or-update-a-team-members-role) for more information about possible roles.
5. (Recommended) Add the user to a team from the **Choose teams** dropdown menu.
6. From the **Select role** dropdown, select the organization role to assign to the user. You can change the user's role at a later time. See the table in [Assign or update a user's role](#assign-or-update-a-users-role) for possible roles.
7. Click the **Send invite** button.

After you select the **Send invite** button, W&B sends an invite link to the user's email using a third-party email server. A user can access your organization once they accept the invite.
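Review bot: Step 5 changes "Optional:" to "(Recommended)" without saying why adding the user to a team is recommended or what access the user has if the step is skipped; add a clause with the reason or keep "Optional:". Step 6 now says "organization role" right after step 5 picks a team, so confirm the **Select role** dropdown sets the organization role and not the team role. Also confirm the new anchor `#assign-or-update-a-users-role` resolves, since the heading it points to is not visible in this diff.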
Expand All @@ -74,8 +74,8 @@ After you select the **Send invite** button, W&B sends an invite link to the use
1. Navigate to `https://<org-name>.io/console/settings/`. Replace `<org-name>` with your organization name.
2. Select the **Add user** button.
3. Within the modal that appears, provide the email of the new user in the **Email** field.
4. Select a role to assign to the user from the **Role** dropdown. You can change the user's role later. See the table listed in [Assign a role](#assign-or-update-a-team-members-role) for more information about possible roles.
5. To have W&B send an invite link to the user's email using a third-party email server, check the **Send invite email to user** box.
4. Select a role to assign to the user from the **Role** dropdown. You can change the user's role at a later time. See the table in [Assign or update a user's role](#assign-or-update-a-users-role) for possible roles.
5. Check the **Send invite email to user** box if you want W&B to send an invite link using a third-party email server to the user's email.
6. Select the **Add new user** button.
</Tab>
</Tabs>
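Review bot: The rewritten step 5 reads less clearly than the line it replaces: "send an invite link using a third-party email server to the user's email" splits "send ... to the user's email" around the server clause, and the instruction now comes before its condition. Suggest keeping the previous ordering ("To have W&B send an invite link to the user's email ..., check the **Send invite email to user** box"). The anchor question from the previous hunk applies to step 4 here as well.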
Expand Down Expand Up @@ -182,35 +182,33 @@ A user within an organization can have one of the following roles:

| Role | Descriptions |
| ----- | ----- |
| Admin | An instance admin who can add or remove other users to the organization, change user roles, manage custom roles, add teams, and more. W&B recommends having more than one admin in case your admin is unavailable. |
| Member | A regular user of the organization, invited by an instance admin. An organization member can't invite other users or manage existing users in the organization. |
| Admin | An organization admin who can add users to the organization or remove them, change user roles, manage custom roles, add teams and more. W&B recommends ensuring there is more than one admin in the event that your admin is unavailable. |
| Member | A regular user of the organization, invited by an instance admin. An organization member cannot invite other users or manage existing users in the organization. |
| Viewer (Enterprise-only feature) | A view-only user of your organization, invited by an instance admin. A viewer only has read access to the organization and the underlying teams that they are a member of. |
| Custom Roles (Enterprise-only feature) | Custom roles let organization admins compose new roles by inheriting from the preceding View-Only or Member roles and adding additional permissions to achieve fine-grained access control. Team admins can then assign any of those custom roles to users in their respective teams. For more information, see [Add and manage custom roles](#add-and-manage-custom-roles). |
| Custom Roles (Enterprise-only feature) | Custom roles allow organization admins to compose new roles by inheriting from the preceding **Viewer** or **Member** organization roles, and adding additional permissions to achieve fine-grained access control. Team admins can then assign any of those custom roles to users in their respective teams. See also [Add and manage custom roles](#add-and-manage-custom-roles). |

To change a user's role:

1. Navigate to https://wandb.ai/home.
2. In the upper right corner of the page, select the **User menu** dropdown. From the dropdown, choose **Users**.
3. Provide the name or email of the user in the search bar.
4. Select a role from the **TEAM ROLE** dropdown next to the name of the user.
3. Find the user in the list. You can filter by name or email in the search bar.
4. Select a role from the **ORG ROLE** dropdown next to the name of the user.

### Assign or update a user's access

While the organization role controls administrative actions, the seat type controls what a user can do within Models and Weave. Use this procedure when you need to change a user's product-level permissions independent of their organization role.

A user within an organization has one of the following Model seat or Weave access types: full, viewer, or no access.
A user within an organization has a **Models seat** and **Weave access** level. Each is one of **Full**, **Viewer**, or **No access**. These are separate from the organization **Viewer** role, which controls organization-wide permissions.

| Seat type | Description |
| Seat or access level | Description |
| ----- | ----- |
| Full | Users with this role type have full permissions to write, read, and export data for Models or Weave. |
| Viewer | A view-only user of your organization. A viewer only has read access to the organization and the underlying teams that they are a part of, and view-only access to Models or Weave. |
| No access | Users with this role have no access to the Models or Weave products. |
| Full | Full access to read, write, and export in Models or Weave for that user. |
| Viewer | Read-only access to Models or Weave for that user. |
| No access | No access to Models or Weave for that user. |

Model seat type and Weave access type are defined at the organization level and inherited by the team. To change a user's seat type, navigate to the organization settings and follow these steps:
Models seat and Weave access are defined at the organization level and inherited by the team. To change them, navigate to the organization user list and use the following steps:

1. For Multi-tenant Cloud users, navigate to your organization's settings at `https://wandb.ai/account-settings/<organization>/settings`. Replace the values enclosed in angle brackets (`<>`) with your organization name. For Dedicated Cloud and Self-Managed deployments, navigate to `https://<your-instance>.wandb.io/org/dashboard`.
2. Select the **Users** tab.
3. From the **Role** dropdown, select the seat type you want to assign to the user.
3. From the **MODELS SEAT** and **WEAVE ACCESS** dropdowns for that user, select the levels you want to assign.

<Note>
The organization role and subscription type determine which seat types are available within your organization.
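Review bot: The Admin row now says "organization admin", but the Member and Viewer rows in the same table still say "invited by an instance admin", so the table uses two names for what reads as the same role; pick one or explain the difference. The new sentence separating seats from the organization **Viewer** role is useful, but the Viewer row of the roles table still describes "read access to the organization and the underlying teams" with no pointer to the seat table, so a cross-reference there would help. Each row of the new seat table ends in "for that user", which can be dropped.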
Expand Down Expand Up @@ -271,7 +269,7 @@ Invite users to a team in your organization. Use the team's dashboard to invite
</Frame>
3. Select the **Users** tab.
4. Click **Invite a new user**.
5. Within the modal that appears, provide the email of the user in the **Email or username** field and select the role to assign to that user from the **Select a team** role dropdown. For more information about roles a user can have in a team, see [Assign or update a team member's role](#assign-or-update-a-team-members-role).
5. Within the modal that appears, provide the email of the user in the **Email or username** field and select the role to assign to that user from the **Select team role** dropdown. For more information about roles a user can have in a team, see [Team roles](#assign-or-update-a-team-members-role).
6. Click the **Send invite** button.

By default, only a team or instance admin can invite members to a team. To change this behavior, see [Team settings](/platform/app/settings-page/teams#privacy).
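Review bot: The link label changes to "Team roles" but still targets `#assign-or-update-a-team-members-role`, so the label no longer matches the heading the reader lands on. Either keep the heading text as the label or point to a heading that is actually named "Team roles". The context sentence below says "team or instance admin" while this PR moves the roles table toward "organization admin"; worth aligning.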
Expand Down Expand Up @@ -327,7 +325,7 @@ Custom roles let you tailor permissions beyond the built-in roles when the stand
An Enterprise license is required to create or assign custom roles on Dedicated Cloud or Self-Managed deployments.
</Note>

Organization admins can compose a new role based on either the View-Only or Member role and add additional permissions to achieve fine-grained access control. Team admins can assign a custom role to a team member. You create custom roles at the organization level but assign them at the team level.
Organization admins can compose a new role based on either the **Viewer** or **Member** predefined role and add additional permissions to achieve fine-grained access control. Team admins can assign a custom role to a team member. Custom roles are created at the organization level but are assigned at the team level.

To create a custom role:
