huggingface · alexpouliquen · Apr 20, 2026 · Apr 16, 2026 · Apr 16, 2026
diff --git a/docs/hub/enterprise-resource-groups.md b/docs/hub/enterprise-resource-groups.md
@@ -22,7 +22,7 @@ This feature allows organization administrators to:
 
 - Group related repositories together for better organization
 - Control member access at a group level rather than individual repository level
-- Assign different permission roles (read, contributor, write, admin) to team members
+- Assign different permission roles (no_access, read, contributor, write, admin) to team members
 - Keep private repositories visible only to authorized group members
 - Enable multiple teams to work independently within the same organization
 - Configure which member roles are allowed to create new resource groups

diff --git a/docs/hub/organizations-security.md b/docs/hub/organizations-security.md
@@ -8,7 +8,9 @@
 >
 > The Resource Group feature is part of the <a href="https://huggingface.co/enterprise">Team & Enterprise</a> plans.
 
-Members of organizations can have four different roles: `read`, `contributor`, `write`, or `admin`:
+Members of organizations can have five different roles: `no_access`, `read`, `contributor`, `write`, or `admin`:
+
+- `no_access`: the member belongs to the Organization but has no access to its repositories or settings. Use with [Resource Groups](./security-resource-groups) to grant access to specific repos only.
 
 - `read`: read-only access to the Organization's repos and metadata/settings (eg, the Organization's profile, members list, API token, etc).
 

diff --git a/docs/hub/programmatic-user-access-control.md b/docs/hub/programmatic-user-access-control.md
@@ -12,7 +12,7 @@ This guide describes how to manage organization member roles and resource group
 
 ## Change member role via API
 
-You can change a member's **organization role** (Read / Contributor / Write / Admin) and, optionally, their roles in **resource groups** using the Hub API. The API updates **one member per request**. To change roles for multiple members, call the API in a loop (examples below).
+You can change a member's **organization role** (No Access / Read / Contributor / Write / Admin) and, optionally, their roles in **resource groups** using the Hub API. The API updates **one member per request**. To change roles for multiple members, call the API in a loop (examples below).
 
 **OpenAPI reference:** <a href="https://huggingface.co/spaces/huggingface/openapi#tag/orgs/PUT/api/organizations/&#123;name&#125;/members/&#123;username&#125;/role" rel="nofollow">PUT /api/organizations/&#123;name&#125;/members/&#123;username&#125;/role</a>
 
@@ -50,7 +50,7 @@ Content-Type: application/json
   - `org_name`: Organization slug (e.g. `my-org`).
   - `username`: Hugging Face **username** of the member whose role you are changing.
 - **Body**
-  - `role` (required): The member's **organization-level** role. One of: `"read"`, `"contributor"`, `"write"`, or `"admin"`.
+  - `role` (required): The member's **organization-level** role. One of: `"no_access"`, `"read"`, `"contributor"`, `"write"`, or `"admin"`.
   - `resourceGroups` (optional): Array of resource group assignments for this user. Each item:
     - `id`: Resource group ID (24-character hex string; get IDs from the [resource groups list API](#list-resource-groups)).
     - `role`: Role in that resource group: `"read"`, `"contributor"`, `"write"`, or `"admin"`.