diff --git a/cadasta/config/permissions/data-collector.json b/cadasta/config/permissions/data-collector.json
new file mode 100644
index 000000000..65d22d16d
--- /dev/null
+++ b/cadasta/config/permissions/data-collector.json
@@ -0,0 +1,9 @@
+{
+ "clause": [
+ {
+ "effect": "allow",
+ "action": ["project.resources.*"]
+ "object": ["project/$organization/$project"],
+ }
+ ]
+}
diff --git a/cadasta/config/permissions/default.json b/cadasta/config/permissions/default.json
index 21eb01b80..7f118359f 100644
--- a/cadasta/config/permissions/default.json
+++ b/cadasta/config/permissions/default.json
@@ -2,12 +2,23 @@
 "clause": [
 {
 "effect": "allow",
- "object": ["*"],
- "action": ["org.list"]
- }, {
+ "action": ["org.list", "org.create"]
+ },
+ {
 "effect": "allow",
- "object": ["organization/*"],
 "action": ["org.view"]
+ "object": ["organization/*"],
+ },
+
+ {
+ "effect": "allow",
+ "action": ["project.list"],
+ "object": ["organization/*"]
+ },
+ {
+ "effect": "allow",
+ "action": ["project.view"],
+ "object": ["project/*/*"]
 }
- ]
+ ]
 }
diff --git a/cadasta/config/permissions/org-admin.json b/cadasta/config/permissions/org-admin.json
index 3fd019a7c..032aa7f70 100644
--- a/cadasta/config/permissions/org-admin.json
+++ b/cadasta/config/permissions/org-admin.json
@@ -2,12 +2,14 @@
 "clause": [
 {
 "effect": "allow",
- "object": ["*"],
- "action": ["org.*"]
- }, {
+ "action": ["org.*", "org.*.*", "project.*", "project.*.*"]
+ "object": ["organization/$organization"],
+ },
+
+ {
 "effect": "allow",
- "object": ["organization/*"],
- "action": ["org.*"]
+ "action": ["project.*", "project.*.*"]
+ "object": ["project/$organization/*"],
 }
- ]
+ ]
 }
diff --git a/cadasta/config/permissions/project-manager.json b/cadasta/config/permissions/project-manager.json
new file mode 100644
index 000000000..a1f9258f7
--- /dev/null
+++ b/cadasta/config/permissions/project-manager.json
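Review bot: The added clause in data-collector.json is not valid JSON: `"action": ["project.resources.*"]` has no comma after it, and the `"object"` line ends with a comma directly before the closing brace, so a strict parser rejects the file. The two lines should read `"action": ["project.resources.*"],` and `"object": ["project/$organization/$project"]`. The same missing/trailing comma pair appears in the `org.view` clause of default.json, both clauses of org-admin.json, both clauses of project-manager.json and the four new object-bearing clauses of superuser.json. Because these files define authorization, it is worth confirming with a test that the loader refuses to start on a parse error rather than continuing with an empty or stale policy; the loader is not visible in this diff.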
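Review bot: The default policy now allows `project.view` on `project/*/*` and `project.list` on `organization/*`, which as written covers every project in every organization. If default.json is applied to all users (not visible in this hunk) and some projects are meant to be restricted, this needs a narrower object pattern or a matching `deny` clause. The first clause also adds `org.create` to what every holder of this policy may do and no longer carries an `object` key. A test asserting what a user holding only the default policy can and cannot do would pin the intended baseline.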
@@ -0,0 +1,14 @@
+{
+ "clause": [
+ {
+ "effect": "allow",
+ "action": ["project.*", "project.*.*"]
+ "object": ["project/$organization/$project"],
+ },
+ {
+ "effect": "deny",
+ "action": ["project.archive", "project.unarchive"]
+ "object": ["project/$organization/$project"],
+ }
+ ]
+}
diff --git a/cadasta/config/permissions/project-user.json b/cadasta/config/permissions/project-user.json
new file mode 100644
index 000000000..029e0b495
--- /dev/null
+++ b/cadasta/config/permissions/project-user.json
@@ -0,0 +1,13 @@
+{
+ "clause": [
+ {
+ "effect": "allow",
+ "action": ["org.list", "org.create"]
+ },
+ {
+ "effect": "allow",
+ "object": ["organization/*"],
+ "action": ["org.view"]
+ }
+ ]
+}
diff --git a/cadasta/config/permissions/superuser.json b/cadasta/config/permissions/superuser.json
index 610cf2ea3..34bf7de61 100644
--- a/cadasta/config/permissions/superuser.json
+++ b/cadasta/config/permissions/superuser.json
@@ -2,8 +2,33 @@
 "clause": [
 {
 "effect": "allow",
- "object": ["organization/*"],
 "action": ["org.*"]
+ },
+ {
+ "effect": "allow",
+ "action": ["org.*", "org.*.*"]
+ "object": ["organization/*"],
+ },
+
+ {
+ "effect": "allow",
+ "action": ["project.*", "project.*.*"]
+ "object": ["organization/*"],
+ },
+ {
+ "effect": "allow",
+ "action": ["project.*", "project.*.*"]
+ "object": ["project/*/*"],
+ },
+
+ {
+ "effect": "allow",
+ "action": ["user.*"]
+ },
+ {
+ "effect": "allow",
+ "action": ["user.*"]
+ "object": ["user/*"],
 }
 ]
 }
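Review bot: The `deny` clause for `project.archive` and `project.unarchive` in project-manager.json only takes effect if the policy engine lets a later, more specific deny override the earlier `project.*` allow on the same object. That precedence rule is not visible in this diff. JSON cannot carry a comment, so the intent is best pinned by a test: a user holding project-manager is refused `project.archive` and `project.unarchive` on `project/$organization/$project` but is still allowed another `project.*` action.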
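Review bot: project-user.json grants nothing at project scope: its two clauses are `org.list`/`org.create` with no object and `org.view` on `organization/*`. Neither uses the `$organization` or `$project` variables that data-collector.json and project-manager.json use. If this is a placeholder, the commit message or the role documentation should say so; otherwise a clause scoped to `"object": ["project/$organization/$project"]` looks intended. As written, assigning this role also hands out `org.create`, which seems unrelated to membership of a single project.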