diff --git a/hosting/couchdb/Dockerfile b/hosting/couchdb/Dockerfile
index 792856cac7..f83df7038b 100644
--- a/hosting/couchdb/Dockerfile
+++ b/hosting/couchdb/Dockerfile
@@ -29,7 +29,6 @@ WORKDIR /opt/couchdb
 ADD couch/vm.args couch/local.ini ./etc/
 
 WORKDIR /
-ADD build-target-paths.sh .
 ADD runner.sh ./bbcouch-runner.sh
-RUN chmod +x ./bbcouch-runner.sh /opt/clouseau/bin/clouseau ./build-target-paths.sh
+RUN chmod +x ./bbcouch-runner.sh /opt/clouseau/bin/clouseau
 CMD ["./bbcouch-runner.sh"]
diff --git a/hosting/couchdb/build-target-paths.sh b/hosting/couchdb/build-target-paths.sh
deleted file mode 100644
index 34227011f4..0000000000
--- a/hosting/couchdb/build-target-paths.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/bash
-
-echo ${TARGETBUILD} > /buildtarget.txt
-if [[ "${TARGETBUILD}" = "aas" ]]; then
-    # Azure AppService uses /home for persistent data & SSH on port 2222
-    DATA_DIR="${DATA_DIR:-/home}"
-    WEBSITES_ENABLE_APP_SERVICE_STORAGE=true
-    mkdir -p $DATA_DIR/{search,minio,couch}
-    mkdir -p $DATA_DIR/couch/{dbs,views}
-    chown -R couchdb:couchdb $DATA_DIR/couch/
-    apt update
-    apt-get install -y openssh-server
-    echo "root:Docker!" | chpasswd
-    mkdir -p /tmp
-    chmod +x /tmp/ssh_setup.sh \
-        && (sleep 1;/tmp/ssh_setup.sh 2>&1 > /dev/null)
-    cp /etc/sshd_config /etc/ssh/sshd_config
-    /etc/init.d/ssh restart
-    sed -i "s#DATA_DIR#/home#g" /opt/clouseau/clouseau.ini
-    sed -i "s#DATA_DIR#/home#g" /opt/couchdb/etc/local.ini
-else
-    sed -i "s#DATA_DIR#/data#g" /opt/clouseau/clouseau.ini
-    sed -i "s#DATA_DIR#/data#g" /opt/couchdb/etc/local.ini
-fi
\ No newline at end of file
diff --git a/hosting/couchdb/runner.sh b/hosting/couchdb/runner.sh
index 4102d2a751..b576c886c2 100644
--- a/hosting/couchdb/runner.sh
+++ b/hosting/couchdb/runner.sh
@@ -1,14 +1,73 @@
 #!/bin/bash
 
 DATA_DIR=${DATA_DIR:-/data}
+
 mkdir -p ${DATA_DIR}
 mkdir -p ${DATA_DIR}/couch/{dbs,views}
 mkdir -p ${DATA_DIR}/search
 chown -R couchdb:couchdb ${DATA_DIR}/couch
-/build-target-paths.sh
+
+echo ${TARGETBUILD} > /buildtarget.txt
+if [[ "${TARGETBUILD}" = "aas" ]]; then
+    # Azure AppService uses /home for persistent data & SSH on port 2222
+    DATA_DIR="${DATA_DIR:-/home}"
+    WEBSITES_ENABLE_APP_SERVICE_STORAGE=true
+    mkdir -p $DATA_DIR/{search,minio,couch}
+    mkdir -p $DATA_DIR/couch/{dbs,views}
+    chown -R couchdb:couchdb $DATA_DIR/couch/
+    apt update
+    apt-get install -y openssh-server
+    echo "root:Docker!" | chpasswd
+    mkdir -p /tmp
+    chmod +x /tmp/ssh_setup.sh \
+        && (sleep 1;/tmp/ssh_setup.sh 2>&1 > /dev/null)
+    cp /etc/sshd_config /etc/ssh/sshd_config
+    /etc/init.d/ssh restart
+    sed -i "s#DATA_DIR#/home#g" /opt/clouseau/clouseau.ini
+    sed -i "s#DATA_DIR#/home#g" /opt/couchdb/etc/local.ini
+elif [[ "${TARGETBUILD}" = "single" ]]; then
+    # In the single image build, the Dockerfile specifies /data as a volume
+    # mount, so we use that for all persistent data.
+    sed -i "s#DATA_DIR#/data#g" /opt/clouseau/clouseau.ini
+    sed -i "s#DATA_DIR#/data#g" /opt/couchdb/etc/local.ini
+elif [[ -n $KUBERNETES_SERVICE_HOST ]]; then
+    # In Kubernetes the directory /opt/couchdb/data has a persistent volume
+    # mount for storing database data.
+    sed -i "s#DATA_DIR#/opt/couchdb/data#g" /opt/clouseau/clouseau.ini
+
+    # We remove the database_dir and view_index_dir settings from the local.ini
+    # in Kubernetes because it will default to /opt/couchdb/data which is what
+    # our Helm chart was using prior to us switching to using our own CouchDB
+    # image.
+    sed -i "s#^database_dir.*\$##g" /opt/couchdb/etc/local.ini
+    sed -i "s#^view_index_dir.*\$##g" /opt/couchdb/etc/local.ini
+
+    # We remove the -name setting from the vm.args file in Kubernetes because
+    # it will default to the pod FQDN, which is what's required for clustering
+    # to work.
+    sed -i "s/^-name .*$//g" /opt/couchdb/etc/vm.args
+else
+    # For all other builds, we use /data for persistent data.
+    sed -i "s#DATA_DIR#/data#g" /opt/clouseau/clouseau.ini
+    sed -i "s#DATA_DIR#/data#g" /opt/couchdb/etc/local.ini
+fi
+
+# Start Clouseau. Budibase won't function correctly without Clouseau running, it
+# powers the search API endpoints which are used to do all sorts, including
+# populating app grids.
 /opt/clouseau/bin/clouseau > /dev/stdout 2>&1 &
+
+# Start CouchDB.
 /docker-entrypoint.sh /opt/couchdb/bin/couchdb &
-sleep 10
+
+# Wati for CouchDB to start up.
+while [[ $(curl -s -w "%{http_code}\n" http://localhost:5984/_up -o /dev/null) -ne 200 ]]; do
+    echo 'Waiting for CouchDB to start...';
+    sleep 5;
+done
+
+# CouchDB needs the `_users` and `_replicator` databases to exist before it will
+# function correctly, so we create them here.
 curl -X PUT http://${COUCHDB_USER}:${COUCHDB_PASSWORD}@localhost:5984/_users
 curl -X PUT http://${COUCHDB_USER}:${COUCHDB_PASSWORD}@localhost:5984/_replicator
 sleep infinity
\ No newline at end of file
diff --git a/hosting/single/Dockerfile b/hosting/single/Dockerfile
index ec03a1b5a2..e9ff6c6596 100644
--- a/hosting/single/Dockerfile
+++ b/hosting/single/Dockerfile
@@ -94,8 +94,6 @@ RUN chmod +x ./healthcheck.sh
 # For Azure App Service install SSH & point data locations to /home
 COPY hosting/single/ssh/sshd_config /etc/
 COPY hosting/single/ssh/ssh_setup.sh /tmp
-RUN /build-target-paths.sh
-
 
 #  setup letsencrypt certificate
 RUN apt-get install -y certbot python3-certbot-nginx
diff --git a/hosting/single/runner.sh b/hosting/single/runner.sh
index 87201c95c0..f4b2b5b127 100644
--- a/hosting/single/runner.sh
+++ b/hosting/single/runner.sh
@@ -22,11 +22,11 @@ declare -a DOCKER_VARS=("APP_PORT" "APPS_URL" "ARCHITECTURE" "BUDIBASE_ENVIRONME
 
 # Azure App Service customisations
 if [[ "${TARGETBUILD}" = "aas" ]]; then
-    DATA_DIR="${DATA_DIR:-/home}"
+    export DATA_DIR="${DATA_DIR:-/home}"
     WEBSITES_ENABLE_APP_SERVICE_STORAGE=true
     /etc/init.d/ssh start
 else
-    DATA_DIR=${DATA_DIR:-/data}
+    export DATA_DIR=${DATA_DIR:-/data}
 fi
 mkdir -p ${DATA_DIR}
 # Mount NFS or GCP Filestore if env vars exist for it
diff --git a/lerna.json b/lerna.json
index faba64ce90..e54b76c5e9 100644
--- a/lerna.json
+++ b/lerna.json
@@ -1,5 +1,5 @@
 {
-  "version": "2.13.15",
+  "version": "2.13.19",
   "npmClient": "yarn",
   "packages": [
     "packages/*"
diff --git a/packages/backend-core/src/objectStore/objectStore.ts b/packages/backend-core/src/objectStore/objectStore.ts
index cdaf19fa55..1971c09e9d 100644
--- a/packages/backend-core/src/objectStore/objectStore.ts
+++ b/packages/backend-core/src/objectStore/objectStore.ts
@@ -260,12 +260,12 @@ export async function listAllObjects(bucketName: string, path: string) {
 }
 
 /**
- * Generate a presigned url with a default TTL of 1 hour
+ * Generate a presigned url with a default TTL of 36 hours
  */
 export function getPresignedUrl(
   bucketName: string,
   key: string,
-  durationSeconds: number = 3600
+  durationSeconds: number = 129600
 ) {
   const objectStore = ObjectStore(bucketName, { presigning: true })
   const params = {
diff --git a/packages/backend-core/src/security/permissions.ts b/packages/backend-core/src/security/permissions.ts
index fe4095d210..98704f16c6 100644
--- a/packages/backend-core/src/security/permissions.ts
+++ b/packages/backend-core/src/security/permissions.ts
@@ -160,4 +160,5 @@ export function isPermissionLevelHigherThanRead(level: PermissionLevel) {
 
 // utility as a lot of things need simply the builder permission
 export const BUILDER = PermissionType.BUILDER
+export const CREATOR = PermissionType.CREATOR
 export const GLOBAL_BUILDER = PermissionType.GLOBAL_BUILDER
diff --git a/packages/backend-core/src/users/db.ts b/packages/backend-core/src/users/db.ts
index 2b6fd52d44..326bed3cc5 100644
--- a/packages/backend-core/src/users/db.ts
+++ b/packages/backend-core/src/users/db.ts
@@ -146,12 +146,12 @@ export class UserDB {
 
   static async allUsers() {
     const db = getGlobalDB()
-    const response = await db.allDocs(
+    const response = await db.allDocs<User>(
       dbUtils.getGlobalUserParams(null, {
         include_docs: true,
       })
     )
-    return response.rows.map((row: any) => row.doc)
+    return response.rows.map(row => row.doc!)
   }
 
   static async countUsersByApp(appId: string) {
@@ -209,13 +209,6 @@ export class UserDB {
       throw new Error("_id or email is required")
     }
 
-    if (
-      user.builder?.apps?.length &&
-      !(await UserDB.features.isAppBuildersEnabled())
-    ) {
-      throw new Error("Unable to update app builders, please check license")
-    }
-
     let dbUser: User | undefined
     if (_id) {
       // try to get existing user from db
diff --git a/packages/backend-core/src/users/users.ts b/packages/backend-core/src/users/users.ts
index 6aed45371a..cc2b4fc27f 100644
--- a/packages/backend-core/src/users/users.ts
+++ b/packages/backend-core/src/users/users.ts
@@ -25,6 +25,7 @@ import {
 import { getGlobalDB } from "../context"
 import * as context from "../context"
 import { isCreator } from "./utils"
+import { UserDB } from "./db"
 
 type GetOpts = { cleanup?: boolean }
 
@@ -336,3 +337,20 @@ export function cleanseUserObject(user: User | ContextUser, base?: User) {
   }
   return user
 }
+
+export async function addAppBuilder(user: User, appId: string) {
+  const prodAppId = getProdAppID(appId)
+  user.builder ??= {}
+  user.builder.creator = true
+  user.builder.apps ??= []
+  user.builder.apps.push(prodAppId)
+  await UserDB.save(user, { hashPassword: false })
+}
+
+export async function removeAppBuilder(user: User, appId: string) {
+  const prodAppId = getProdAppID(appId)
+  if (user.builder && user.builder.apps?.includes(prodAppId)) {
+    user.builder.apps = user.builder.apps.filter(id => id !== prodAppId)
+  }
+  await UserDB.save(user, { hashPassword: false })
+}
diff --git a/packages/bbui/src/ButtonGroup/ButtonGroup.svelte b/packages/bbui/src/ButtonGroup/ButtonGroup.svelte
index 3768fc1954..7c53f642b0 100644
--- a/packages/bbui/src/ButtonGroup/ButtonGroup.svelte
+++ b/packages/bbui/src/ButtonGroup/ButtonGroup.svelte
@@ -2,7 +2,7 @@
   import "@spectrum-css/buttongroup/dist/index-vars.css"
 
   export let vertical = false
-  export let gap = ""
+  export let gap = "M"
 
   $: gapStyle =
     gap === "L"
diff --git a/packages/bbui/src/FancyForm/FancySelect.svelte b/packages/bbui/src/FancyForm/FancySelect.svelte
index e015f51570..14911f10ab 100644
--- a/packages/bbui/src/FancyForm/FancySelect.svelte
+++ b/packages/bbui/src/FancyForm/FancySelect.svelte
@@ -12,11 +12,13 @@
   export let error = null
   export let validate = null
   export let options = []
+  export let footer = null
   export let isOptionEnabled = () => true
   export let getOptionLabel = option => extractProperty(option, "label")
   export let getOptionValue = option => extractProperty(option, "value")
   export let getOptionSubtitle = option => extractProperty(option, "subtitle")
   export let getOptionColour = () => null
+
   const dispatch = createEventDispatcher()
 
   let open = false
@@ -100,6 +102,7 @@
     {error}
     {disabled}
     {options}
+    {footer}
     {getOptionLabel}
     {getOptionValue}
     {getOptionSubtitle}
diff --git a/packages/bbui/src/Form/Core/InputDropdown.svelte b/packages/bbui/src/Form/Core/InputDropdown.svelte
index 153501ce5a..128353b7b9 100644
--- a/packages/bbui/src/Form/Core/InputDropdown.svelte
+++ b/packages/bbui/src/Form/Core/InputDropdown.svelte
@@ -17,7 +17,7 @@
   export let options = []
   export let getOptionLabel = option => extractProperty(option, "label")
   export let getOptionValue = option => extractProperty(option, "value")
-
+  export let getOptionSubtitle = option => option?.subtitle
   export let isOptionSelected = () => false
 
   const dispatch = createEventDispatcher()
@@ -135,7 +135,7 @@
       class="spectrum-Textfield-input spectrum-InputGroup-input"
     />
   </div>
-  <div style="width: 30%">
+  <div style="width: 40%">
     <button
       {id}
       class="spectrum-Picker spectrum-Picker--sizeM override-borders"
@@ -157,38 +157,43 @@
         <use xlink:href="#spectrum-css-icon-Chevron100" />
       </svg>
     </button>
-    {#if open}
-      <div
-        use:clickOutside={handleOutsideClick}
-        transition:fly|local={{ y: -20, duration: 200 }}
-        class="spectrum-Popover spectrum-Popover--bottom spectrum-Picker-popover is-open"
-      >
-        <ul class="spectrum-Menu" role="listbox">
-          {#each options as option, idx}
-            <li
-              class="spectrum-Menu-item"
-              class:is-selected={isOptionSelected(getOptionValue(option, idx))}
-              role="option"
-              aria-selected="true"
-              tabindex="0"
-              on:click={() => onPick(getOptionValue(option, idx))}
-            >
-              <span class="spectrum-Menu-itemLabel">
-                {getOptionLabel(option, idx)}
-              </span>
-              <svg
-                class="spectrum-Icon spectrum-UIIcon-Checkmark100 spectrum-Menu-checkmark spectrum-Menu-itemIcon"
-                focusable="false"
-                aria-hidden="true"
-              >
-                <use xlink:href="#spectrum-css-icon-Checkmark100" />
-              </svg>
-            </li>
-          {/each}
-        </ul>
-      </div>
-    {/if}
   </div>
+  {#if open}
+    <div
+      use:clickOutside={handleOutsideClick}
+      transition:fly|local={{ y: -20, duration: 200 }}
+      class="spectrum-Popover spectrum-Popover--bottom spectrum-Picker-popover is-open"
+    >
+      <ul class="spectrum-Menu" role="listbox">
+        {#each options as option, idx}
+          <li
+            class="spectrum-Menu-item"
+            class:is-selected={isOptionSelected(getOptionValue(option, idx))}
+            role="option"
+            aria-selected="true"
+            tabindex="0"
+            on:click={() => onPick(getOptionValue(option, idx))}
+          >
+            <span class="spectrum-Menu-itemLabel">
+              {getOptionLabel(option, idx)}
+              {#if getOptionSubtitle(option, idx)}
+                <span class="subtitle-text">
+                  {getOptionSubtitle(option, idx)}
+                </span>
+              {/if}
+            </span>
+            <svg
+              class="spectrum-Icon spectrum-UIIcon-Checkmark100 spectrum-Menu-checkmark spectrum-Menu-itemIcon"
+              focusable="false"
+              aria-hidden="true"
+            >
+              <use xlink:href="#spectrum-css-icon-Checkmark100" />
+            </svg>
+          </li>
+        {/each}
+      </ul>
+    </div>
+  {/if}
 </div>
 
 <style>
@@ -196,7 +201,6 @@
     min-width: 0;
     width: 100%;
   }
-
   .spectrum-InputGroup-input {
     border-right-width: 1px;
   }
@@ -206,7 +210,6 @@
   .spectrum-Textfield-input {
     width: 0;
   }
-
   .override-borders {
     border-top-left-radius: 0px;
     border-bottom-left-radius: 0px;
@@ -215,5 +218,18 @@
     max-height: 240px;
     z-index: 999;
     top: 100%;
+    width: 100%;
+  }
+  .subtitle-text {
+    font-size: 12px;
+    line-height: 15px;
+    font-weight: 500;
+    color: var(--spectrum-global-color-gray-600);
+    display: block;
+    margin-top: var(--spacing-s);
+  }
+  .spectrum-Menu-checkmark {
+    align-self: center;
+    margin-top: 0;
   }
 </style>
diff --git a/packages/bbui/src/Form/Core/Picker.svelte b/packages/bbui/src/Form/Core/Picker.svelte
index 6361b345d1..94fbe73cf2 100644
--- a/packages/bbui/src/Form/Core/Picker.svelte
+++ b/packages/bbui/src/Form/Core/Picker.svelte
@@ -224,13 +224,12 @@
               </span>
             {/if}
             <span class="spectrum-Menu-itemLabel">
-              {#if getOptionSubtitle(option, idx)}
-                <span class="subtitle-text"
-                  >{getOptionSubtitle(option, idx)}</span
-                >
-              {/if}
-
               {getOptionLabel(option, idx)}
+              {#if getOptionSubtitle(option, idx)}
+                <span class="subtitle-text">
+                  {getOptionSubtitle(option, idx)}
+                </span>
+              {/if}
             </span>
             {#if option.tag}
               <span class="option-tag">
@@ -275,10 +274,9 @@
     font-size: 12px;
     line-height: 15px;
     font-weight: 500;
-    top: 10px;
     color: var(--spectrum-global-color-gray-600);
     display: block;
-    margin-bottom: var(--spacing-s);
+    margin-top: var(--spacing-s);
   }
 
   .spectrum-Picker-label.auto-width {
diff --git a/packages/bbui/src/Form/Core/Select.svelte b/packages/bbui/src/Form/Core/Select.svelte
index e928ae689d..be22000f0b 100644
--- a/packages/bbui/src/Form/Core/Select.svelte
+++ b/packages/bbui/src/Form/Core/Select.svelte
@@ -10,8 +10,9 @@
   export let getOptionLabel = option => option
   export let getOptionValue = option => option
   export let getOptionIcon = () => null
-  export let useOptionIconImage = false
   export let getOptionColour = () => null
+  export let getOptionSubtitle = () => null
+  export let useOptionIconImage = false
   export let isOptionEnabled
   export let readonly = false
   export let quiet = false
@@ -82,8 +83,9 @@
   {getOptionLabel}
   {getOptionValue}
   {getOptionIcon}
-  {useOptionIconImage}
   {getOptionColour}
+  {getOptionSubtitle}
+  {useOptionIconImage}
   {isOptionEnabled}
   {autocomplete}
   {sort}
diff --git a/packages/bbui/src/Form/InputDropdown.svelte b/packages/bbui/src/Form/InputDropdown.svelte
index 93766495b8..54b07cf0d7 100644
--- a/packages/bbui/src/Form/InputDropdown.svelte
+++ b/packages/bbui/src/Form/InputDropdown.svelte
@@ -43,6 +43,7 @@
     {quiet}
     {autofocus}
     {options}
+    isOptionSelected={option => option === dropdownValue}
     on:change={onChange}
     on:pick={onPick}
     on:click
diff --git a/packages/bbui/src/Form/Select.svelte b/packages/bbui/src/Form/Select.svelte
index f9d9532ba5..8235b68faf 100644
--- a/packages/bbui/src/Form/Select.svelte
+++ b/packages/bbui/src/Form/Select.svelte
@@ -13,9 +13,10 @@
   export let options = []
   export let getOptionLabel = option => extractProperty(option, "label")
   export let getOptionValue = option => extractProperty(option, "value")
+  export let getOptionSubtitle = option => option?.subtitle
   export let getOptionIcon = option => option?.icon
-  export let useOptionIconImage = false
   export let getOptionColour = option => option?.colour
+  export let useOptionIconImage = false
   export let isOptionEnabled
   export let quiet = false
   export let autoWidth = false
@@ -58,6 +59,7 @@
     {getOptionValue}
     {getOptionIcon}
     {getOptionColour}
+    {getOptionSubtitle}
     {useOptionIconImage}
     {isOptionEnabled}
     {autocomplete}
diff --git a/packages/builder/src/components/automation/SetupPanel/RowSelectorTypes.svelte b/packages/builder/src/components/automation/SetupPanel/RowSelectorTypes.svelte
index 86235297ae..3fd2708186 100644
--- a/packages/builder/src/components/automation/SetupPanel/RowSelectorTypes.svelte
+++ b/packages/builder/src/components/automation/SetupPanel/RowSelectorTypes.svelte
@@ -64,7 +64,7 @@
   </span>
 {:else if schema.type === "link"}
   <LinkedRowSelector
-    bind:linkedRows={value[field]}
+    linkedRows={value[field]}
     {schema}
     on:change={e => onChange(e, field)}
     useLabel={false}
diff --git a/packages/builder/src/components/backend/DataTable/RowFieldControl.svelte b/packages/builder/src/components/backend/DataTable/RowFieldControl.svelte
index 61b706e28e..1ec32cb3fd 100644
--- a/packages/builder/src/components/backend/DataTable/RowFieldControl.svelte
+++ b/packages/builder/src/components/backend/DataTable/RowFieldControl.svelte
@@ -70,7 +70,12 @@
     options={meta.constraints.inclusion}
   />
 {:else if type === "link"}
-  <LinkedRowSelector {error} bind:linkedRows={value} schema={meta} />
+  <LinkedRowSelector
+    {error}
+    linkedRows={value}
+    schema={meta}
+    on:change={e => (value = e.detail)}
+  />
 {:else if type === "longform"}
   {#if meta.useRichText}
     <RichTextField {error} {label} height="150px" bind:value />
diff --git a/packages/builder/src/components/common/LinkedRowSelector.svelte b/packages/builder/src/components/common/LinkedRowSelector.svelte
index 839075ba89..bf851eadb6 100644
--- a/packages/builder/src/components/common/LinkedRowSelector.svelte
+++ b/packages/builder/src/components/common/LinkedRowSelector.svelte
@@ -56,12 +56,12 @@
   />
 {:else}
   <Multiselect
-    bind:value={linkedIds}
+    value={linkedIds}
     {label}
     options={rows}
     getOptionLabel={getPrettyName}
     getOptionValue={row => row._id}
     sort
-    on:change={() => dispatch("change", linkedIds)}
+    on:change
   />
 {/if}
diff --git a/packages/builder/src/components/common/RoleSelect.svelte b/packages/builder/src/components/common/RoleSelect.svelte
index 2df61926e1..1158107fd6 100644
--- a/packages/builder/src/components/common/RoleSelect.svelte
+++ b/packages/builder/src/components/common/RoleSelect.svelte
@@ -20,73 +20,91 @@
   export let allowedRoles = null
   export let allowCreator = false
   export let fancySelect = false
+  export let labelPrefix = null
 
   const dispatch = createEventDispatcher()
   const RemoveID = "remove"
 
+  $: enrichLabel = label => (labelPrefix ? `${labelPrefix} ${label}` : label)
   $: options = getOptions(
     $roles,
     allowPublic,
     allowRemove,
     allowedRoles,
-    allowCreator
+    allowCreator,
+    enrichLabel
   )
+
   const getOptions = (
     roles,
     allowPublic,
     allowRemove,
     allowedRoles,
-    allowCreator
+    allowCreator,
+    enrichLabel
   ) => {
+    // Use roles whitelist if specified
     if (allowedRoles?.length) {
-      const filteredRoles = roles.filter(role =>
-        allowedRoles.includes(role._id)
-      )
-      return [
-        ...filteredRoles,
-        ...(allowedRoles.includes(Constants.Roles.CREATOR)
-          ? [{ _id: Constants.Roles.CREATOR, name: "Creator", enabled: false }]
-          : []),
-      ]
-    }
-    let newRoles = [...roles]
-
-    if (allowCreator) {
-      newRoles = [
-        {
+      let options = roles
+        .filter(role => allowedRoles.includes(role._id))
+        .map(role => ({
+          name: enrichLabel(role.name),
+          _id: role._id,
+        }))
+      if (allowedRoles.includes(Constants.Roles.CREATOR)) {
+        options.push({
           _id: Constants.Roles.CREATOR,
-          name: "Creator",
-          tag:
-            !$licensing.perAppBuildersEnabled &&
-            capitalise(Constants.PlanType.BUSINESS),
-        },
-        ...newRoles,
-      ]
+          name: "Can edit",
+          enabled: false,
+        })
+      }
+      return options
     }
+
+    // Allow all core roles
+    let options = roles.map(role => ({
+      name: enrichLabel(role.name),
+      _id: role._id,
+    }))
+
+    // Add creator if required
+    if (allowCreator) {
+      options.unshift({
+        _id: Constants.Roles.CREATOR,
+        name: "Can edit",
+        tag:
+          !$licensing.perAppBuildersEnabled &&
+          capitalise(Constants.PlanType.BUSINESS),
+      })
+    }
+
+    // Add remove option if required
     if (allowRemove) {
-      newRoles = [
-        ...newRoles,
-        {
-          _id: RemoveID,
-          name: "Remove",
-        },
-      ]
+      options.push({
+        _id: RemoveID,
+        name: "Remove",
+      })
     }
-    if (allowPublic) {
-      return newRoles
+
+    // Remove public if not allowed
+    if (!allowPublic) {
+      options = options.filter(role => role._id !== Constants.Roles.PUBLIC)
     }
-    return newRoles.filter(role => role._id !== Constants.Roles.PUBLIC)
+
+    return options
   }
 
   const getColor = role => {
-    if (allowRemove && role._id === RemoveID) {
+    // Creator and remove options have no colors
+    if (role._id === Constants.Roles.CREATOR || role._id === RemoveID) {
       return null
     }
     return RoleUtils.getRoleColour(role._id)
   }
 
   const getIcon = role => {
-    if (allowRemove && role._id === RemoveID) {
+    // Only remove option has an icon
+    if (role._id === RemoveID) {
       return "Close"
     }
     return null
diff --git a/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte b/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte
index c3bb5171a4..b937d69fd7 100644
--- a/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte
@@ -364,7 +364,10 @@
     const payload = [
       {
         email: newUserEmail,
-        builder: { global: creationRoleType === Constants.BudibaseRoles.Admin },
+        builder: {
+          global: creationRoleType === Constants.BudibaseRoles.Admin,
+          creator: creationRoleType === Constants.BudibaseRoles.Creator,
+        },
         admin: { global: creationRoleType === Constants.BudibaseRoles.Admin },
       },
     ]
@@ -471,10 +474,6 @@
     await users.removeAppBuilder(userId, prodAppId)
   }
 
-  const addGroupAppBuilder = async groupId => {
-    await groups.actions.addGroupAppBuilder(groupId, prodAppId)
-  }
-
   const removeGroupAppBuilder = async groupId => {
     await groups.actions.removeGroupAppBuilder(groupId, prodAppId)
   }
@@ -495,14 +494,12 @@
   }
 
   const getInviteRoleValue = invite => {
-    if (invite.info?.admin?.global && invite.info?.builder?.global) {
-      return Constants.Roles.ADMIN
-    }
-
-    if (invite.info?.builder?.apps?.includes(prodAppId)) {
+    if (
+      (invite.info?.admin?.global && invite.info?.builder?.global) ||
+      invite.info?.builder?.apps?.includes(prodAppId)
+    ) {
       return Constants.Roles.CREATOR
     }
-
     return invite.info.apps?.[prodAppId]
   }
 
@@ -512,7 +509,7 @@
       return `This user has been given ${role?.name} access from the ${user.group} group`
     }
     if (user.isAdminOrGlobalBuilder) {
-      return "This user's role grants admin access to all apps"
+      return "Account admins can edit all apps"
     }
     return null
   }
@@ -523,6 +520,18 @@
     }
     return user.role
   }
+
+  const checkAppAccess = e => {
+    // Ensure we don't get into an invalid combo of tenant role and app access
+    if (
+      e.detail === Constants.BudibaseRoles.AppUser &&
+      creationAccessType === Constants.Roles.CREATOR
+    ) {
+      creationAccessType = Constants.Roles.BASIC
+    } else if (e.detail === Constants.BudibaseRoles.Admin) {
+      creationAccessType = Constants.Roles.CREATOR
+    }
+  }
 </script>
 
 <svelte:window on:keydown={handleKeyDown} />
@@ -650,8 +659,9 @@
                       autoWidth
                       align="right"
                       allowedRoles={user.isAdminOrGlobalBuilder
-                        ? [Constants.Roles.ADMIN]
+                        ? [Constants.Roles.CREATOR]
                         : null}
+                      labelPrefix="Can use as"
                     />
                   </div>
                 </div>
@@ -695,19 +705,16 @@
                       allowRemove={group.role}
                       allowPublic={false}
                       quiet={true}
-                      allowCreator={true}
+                      allowCreator={group.role === Constants.Roles.CREATOR}
                       on:change={e => {
-                        if (e.detail === Constants.Roles.CREATOR) {
-                          addGroupAppBuilder(group._id)
-                        } else {
-                          onUpdateGroup(group, e.detail)
-                        }
+                        onUpdateGroup(group, e.detail)
                       }}
                       on:remove={() => {
                         onUpdateGroup(group)
                       }}
                       autoWidth
                       align="right"
+                      labelPrefix="Can use as"
                     />
                   </div>
                 </div>
@@ -753,6 +760,7 @@
                       allowedRoles={user.isAdminOrGlobalBuilder
                         ? [Constants.Roles.CREATOR]
                         : null}
+                      labelPrefix="Can use as"
                     />
                   </div>
                 </div>
@@ -804,33 +812,34 @@
             <FancySelect
               bind:value={creationRoleType}
               options={sdk.users.isAdmin($auth.user)
-                ? Constants.BudibaseRoleOptionsNew
-                : Constants.BudibaseRoleOptionsNew.filter(
+                ? Constants.BudibaseRoleOptions
+                : Constants.BudibaseRoleOptions.filter(
                     option => option.value !== Constants.BudibaseRoles.Admin
                   )}
-              label="Access"
+              label="Role"
+              on:change={checkAppAccess}
             />
-            {#if creationRoleType !== Constants.BudibaseRoles.Admin}
-              <span class="role-wrap">
-                <RoleSelect
-                  placeholder={false}
-                  bind:value={creationAccessType}
-                  allowPublic={false}
-                  allowCreator={true}
-                  quiet={true}
-                  autoWidth
-                  align="right"
-                  fancySelect
-                />
-              </span>
-            {/if}
+            <span class="role-wrap">
+              <RoleSelect
+                placeholder={false}
+                bind:value={creationAccessType}
+                allowPublic={false}
+                allowCreator={creationRoleType !==
+                  Constants.BudibaseRoles.AppUser}
+                quiet={true}
+                autoWidth
+                align="right"
+                fancySelect
+                allowedRoles={creationRoleType === Constants.BudibaseRoles.Admin
+                  ? [Constants.Roles.CREATOR]
+                  : null}
+                footer={getRoleFooter({
+                  isAdminOrGlobalBuilder:
+                    creationRoleType === Constants.BudibaseRoles.Admin,
+                })}
+              />
+            </span>
           </FancyForm>
-          {#if creationRoleType === Constants.BudibaseRoles.Admin}
-            <div class="admin-info">
-              <Icon name="Info" />
-              Admins will get full access to all apps and settings
-            </div>
-          {/if}
           <span class="add-user">
             <Button
               newStyles
@@ -871,16 +880,6 @@
     display: grid;
   }
 
-  .admin-info {
-    margin-top: var(--spacing-xl);
-    padding: var(--spacing-l) var(--spacing-l) var(--spacing-l) var(--spacing-l);
-    display: flex;
-    align-items: center;
-    gap: var(--spacing-xl);
-    height: 30px;
-    background-color: var(--background-alt);
-  }
-
   .underlined {
     text-decoration: underline;
     cursor: pointer;
@@ -898,7 +897,6 @@
     display: flex;
     flex-direction: column;
     gap: var(--spacing-s);
-    width: 400px;
   }
 
   .auth-entity-meta {
@@ -927,7 +925,7 @@
   .auth-entity,
   .auth-entity-header {
     display: grid;
-    grid-template-columns: 1fr 110px;
+    grid-template-columns: 1fr 180px;
     align-items: center;
     gap: var(--spacing-xl);
   }
@@ -958,7 +956,7 @@
     overflow-y: auto;
     overflow-x: hidden;
     position: absolute;
-    width: 400px;
+    width: 440px;
     right: 0;
     height: 100%;
     box-shadow: 0 0 40px 10px rgba(0, 0, 0, 0.1);
diff --git a/packages/builder/src/pages/builder/app/[application]/settings/_layout.svelte b/packages/builder/src/pages/builder/app/[application]/settings/_layout.svelte
index 801ddd1130..899b58ecf0 100644
--- a/packages/builder/src/pages/builder/app/[application]/settings/_layout.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/settings/_layout.svelte
@@ -4,8 +4,6 @@
   import { url, isActive } from "@roxi/routify"
   import DeleteModal from "components/deploy/DeleteModal.svelte"
   import { isOnlyUser } from "builderStore"
-  import { auth } from "stores/portal"
-  import { sdk } from "@budibase/shared-core"
 
   let deleteModal
 </script>
@@ -46,24 +44,22 @@
             url={$url("./version")}
             active={$isActive("./version")}
           />
-          {#if sdk.users.isGlobalBuilder($auth.user)}
-            <div class="delete-action">
-              <AbsTooltip
-                position={TooltipPosition.Bottom}
-                text={$isOnlyUser
-                  ? null
-                  : "Unavailable - another user is editing this app"}
-              >
-                <SideNavItem
-                  text="Delete app"
-                  disabled={!$isOnlyUser}
-                  on:click={() => {
-                    deleteModal.show()
-                  }}
-                />
-              </AbsTooltip>
-            </div>
-          {/if}
+          <div class="delete-action">
+            <AbsTooltip
+              position={TooltipPosition.Bottom}
+              text={$isOnlyUser
+                ? null
+                : "Unavailable - another user is editing this app"}
+            >
+              <SideNavItem
+                text="Delete app"
+                disabled={!$isOnlyUser}
+                on:click={() => {
+                  deleteModal.show()
+                }}
+              />
+            </AbsTooltip>
+          </div>
         </SideNav>
         <slot />
       </Content>
diff --git a/packages/builder/src/pages/builder/portal/_layout.svelte b/packages/builder/src/pages/builder/portal/_layout.svelte
index ad172e34ca..aad33f852a 100644
--- a/packages/builder/src/pages/builder/portal/_layout.svelte
+++ b/packages/builder/src/pages/builder/portal/_layout.svelte
@@ -16,7 +16,7 @@
   let activeTab = "Apps"
 
   $: $url(), updateActiveTab($menu)
-  $: isOnboarding = !$apps.length && sdk.users.isGlobalBuilder($auth.user)
+  $: isOnboarding = !$apps.length && sdk.users.hasBuilderPermissions($auth.user)
 
   const updateActiveTab = menu => {
     for (let entry of menu) {
diff --git a/packages/builder/src/pages/builder/portal/apps/_layout.svelte b/packages/builder/src/pages/builder/portal/apps/_layout.svelte
index 4067856bfa..8810edca9c 100644
--- a/packages/builder/src/pages/builder/portal/apps/_layout.svelte
+++ b/packages/builder/src/pages/builder/portal/apps/_layout.svelte
@@ -14,7 +14,7 @@
   import PortalSideBar from "./_components/PortalSideBar.svelte"
 
   // Don't block loading if we've already hydrated state
-  let loaded = $apps.length != null
+  let loaded = !!$apps?.length
 
   onMount(async () => {
     try {
@@ -34,7 +34,7 @@
       }
 
       // Go to new app page if no apps exists
-      if (!$apps.length && sdk.users.isGlobalBuilder($auth.user)) {
+      if (!$apps.length && sdk.users.hasBuilderPermissions($auth.user)) {
         $redirect("./onboarding")
       }
     } catch (error) {
diff --git a/packages/builder/src/pages/builder/portal/apps/index.svelte b/packages/builder/src/pages/builder/portal/apps/index.svelte
index 59267f37e7..cf2c61b11d 100644
--- a/packages/builder/src/pages/builder/portal/apps/index.svelte
+++ b/packages/builder/src/pages/builder/portal/apps/index.svelte
@@ -1,5 +1,6 @@
 <script>
   import {
+    banner,
     Heading,
     Layout,
     Button,
@@ -10,6 +11,7 @@
     Notification,
     Body,
     Search,
+    BANNER_TYPES,
   } from "@budibase/bbui"
   import Spinner from "components/common/Spinner.svelte"
   import CreateAppModal from "components/start/CreateAppModal.svelte"
@@ -198,6 +200,20 @@
       if (usersLimitLockAction) {
         usersLimitLockAction()
       }
+      if (!$admin.isDev) {
+        await banner.show({
+          messages: [
+            {
+              message:
+                "We've updated our pricing - see our website to learn more.",
+              type: BANNER_TYPES.NEUTRAL,
+              extraButtonText: "Learn More",
+              extraButtonAction: () =>
+                window.open("https://budibase.com/pricing"),
+            },
+          ],
+        })
+      }
     } catch (error) {
       notifications.error("Error getting init info")
     }
@@ -237,7 +253,7 @@
     {#if enrichedApps.length}
       <Layout noPadding gap="L">
         <div class="title">
-          {#if $auth.user && sdk.users.isGlobalBuilder($auth.user)}
+          {#if $auth.user && sdk.users.canCreateApps($auth.user)}
             <div class="buttons">
               <Button
                 size="M"
diff --git a/packages/builder/src/pages/builder/portal/apps/onboarding/index.svelte b/packages/builder/src/pages/builder/portal/apps/onboarding/index.svelte
index efc9236699..e8d4309dd5 100644
--- a/packages/builder/src/pages/builder/portal/apps/onboarding/index.svelte
+++ b/packages/builder/src/pages/builder/portal/apps/onboarding/index.svelte
@@ -52,7 +52,7 @@
       goToApp()
     } catch (e) {
       loading = false
-      notifications.error("There was a problem creating your app")
+      notifications.error(e.message || "There was a problem creating your app")
     }
   }
 </script>
diff --git a/packages/builder/src/pages/builder/portal/users/users/[userId].svelte b/packages/builder/src/pages/builder/portal/users/users/[userId].svelte
index ec10ec8316..368e45d83c 100644
--- a/packages/builder/src/pages/builder/portal/users/users/[userId].svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/[userId].svelte
@@ -55,6 +55,7 @@
     },
     role: {
       width: "1fr",
+      displayName: "Access",
     },
   }
   const customGroupTableRenderers = [
@@ -98,7 +99,7 @@
       return y._id === userId
     })
   })
-  $: globalRole = sdk.users.isAdmin(user) ? "admin" : "appUser"
+  $: globalRole = users.getUserRole(user)
 
   const getAvailableApps = (appList, privileged, roles) => {
     let availableApps = appList.slice()
@@ -177,12 +178,21 @@
   }
 
   async function updateUserRole({ detail }) {
-    if (detail === "developer") {
+    if (detail === Constants.BudibaseRoles.Developer) {
       toggleFlags({ admin: { global: false }, builder: { global: true } })
-    } else if (detail === "admin") {
+    } else if (detail === Constants.BudibaseRoles.Admin) {
       toggleFlags({ admin: { global: true }, builder: { global: true } })
-    } else if (detail === "appUser") {
+    } else if (detail === Constants.BudibaseRoles.AppUser) {
       toggleFlags({ admin: { global: false }, builder: { global: false } })
+    } else if (detail === Constants.BudibaseRoles.Creator) {
+      toggleFlags({
+        admin: { global: false },
+        builder: {
+          global: false,
+          creator: true,
+          apps: user?.builder?.apps || [],
+        },
+      })
     }
   }
 
@@ -295,6 +305,7 @@
           <div class="field">
             <Label size="L">Role</Label>
             <Select
+              placeholder={null}
               disabled={!sdk.users.isAdmin($auth.user)}
               value={globalRole}
               options={Constants.BudibaseRoleOptions}
diff --git a/packages/builder/src/pages/builder/portal/users/users/_components/AddUserModal.svelte b/packages/builder/src/pages/builder/portal/users/users/_components/AddUserModal.svelte
index 806468021f..346b293235 100644
--- a/packages/builder/src/pages/builder/portal/users/users/_components/AddUserModal.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/_components/AddUserModal.svelte
@@ -29,7 +29,6 @@
     },
   ]
   $: hasError = userData.find(x => x.error != null)
-
   $: userCount = $licensing.userCount + userData.length
   $: reached = licensing.usersLimitReached(userCount)
   $: exceeded = licensing.usersLimitExceeded(userCount)
@@ -98,7 +97,7 @@
         align-items: center;
         flex-direction: row;"
       >
-        <div style="width: 90%">
+        <div style="flex: 1 1 auto;">
           <InputDropdown
             inputType="email"
             bind:inputValue={input.email}
diff --git a/packages/builder/src/pages/builder/portal/users/users/_components/AppRoleTableRenderer.svelte b/packages/builder/src/pages/builder/portal/users/users/_components/AppRoleTableRenderer.svelte
index a9f2ca6e08..e0b743cfa2 100644
--- a/packages/builder/src/pages/builder/portal/users/users/_components/AppRoleTableRenderer.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/_components/AppRoleTableRenderer.svelte
@@ -14,6 +14,10 @@
   }
 </script>
 
-<StatusLight square color={RoleUtils.getRoleColour(value)}>
-  {getRoleLabel(value)}
-</StatusLight>
+{#if value === Constants.Roles.CREATOR}
+  Can edit
+{:else}
+  <StatusLight square color={RoleUtils.getRoleColour(value)}>
+    Can use as {getRoleLabel(value)}
+  </StatusLight>
+{/if}
diff --git a/packages/builder/src/pages/builder/portal/users/users/_components/ImportUsersModal.svelte b/packages/builder/src/pages/builder/portal/users/users/_components/ImportUsersModal.svelte
index 338cc1e7c1..bb03f166b3 100644
--- a/packages/builder/src/pages/builder/portal/users/users/_components/ImportUsersModal.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/_components/ImportUsersModal.svelte
@@ -15,6 +15,7 @@
   const BYTES_IN_MB = 1000000
   const FILE_SIZE_LIMIT = BYTES_IN_MB * 5
   const MAX_USERS_UPLOAD_LIMIT = 1000
+
   export let createUsersFromCsv
 
   let files = []
@@ -22,13 +23,16 @@
   let userEmails = []
   let userGroups = []
   let usersRole = null
-  $: invalidEmails = []
 
+  $: invalidEmails = []
   $: userCount = $licensing.userCount + userEmails.length
   $: exceed = licensing.usersLimitExceeded(userCount)
-
   $: importDisabled =
     !userEmails.length || !validEmails(userEmails) || !usersRole || exceed
+  $: roleOptions = Constants.BudibaseRoleOptions.map(option => ({
+    ...option,
+    label: `${option.label} - ${option.subtitle}`,
+  }))
 
   const validEmails = userEmails => {
     if ($admin.cloud && userEmails.length > MAX_USERS_UPLOAD_LIMIT) {
@@ -100,10 +104,7 @@
       users. Upgrade your plan to add more users
     </div>
   {/if}
-  <RadioGroup
-    bind:value={usersRole}
-    options={Constants.BuilderRoleDescriptions}
-  />
+  <RadioGroup bind:value={usersRole} options={roleOptions} />
 
   {#if $licensing.groupsEnabled}
     <Multiselect
diff --git a/packages/builder/src/pages/builder/portal/users/users/_components/RoleTableRenderer.svelte b/packages/builder/src/pages/builder/portal/users/users/_components/RoleTableRenderer.svelte
index 43fe8cc1cc..936cd12517 100644
--- a/packages/builder/src/pages/builder/portal/users/users/_components/RoleTableRenderer.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/_components/RoleTableRenderer.svelte
@@ -4,17 +4,11 @@
 
   export let row
 
-  const TooltipMap = {
-    appUser: "Only has access to assigned apps",
-    developer: "Access to the app builder",
-    admin: "Full access",
-  }
-
-  $: role = Constants.BudibaseRoleOptionsOld.find(
+  $: role = Constants.BudibaseRoleOptions.find(
     x => x.value === users.getUserRole(row)
   )
   $: value = role?.label || "Not available"
-  $: tooltip = TooltipMap[role?.value] || ""
+  $: tooltip = role.subtitle || ""
 </script>
 
 <div on:click|stopPropagation title={tooltip}>
diff --git a/packages/builder/src/pages/builder/portal/users/users/index.svelte b/packages/builder/src/pages/builder/portal/users/users/index.svelte
index 37cbcabbca..50afd0004a 100644
--- a/packages/builder/src/pages/builder/portal/users/users/index.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/index.svelte
@@ -172,6 +172,7 @@
     const payload = userData?.users?.map(user => ({
       email: user.email,
       builder: user.role === Constants.BudibaseRoles.Developer,
+      creator: user.role === Constants.BudibaseRoles.Creator,
       admin: user.role === Constants.BudibaseRoles.Admin,
       groups: userData.groups,
     }))
@@ -190,18 +191,18 @@
 
     for (const user of userData?.users ?? []) {
       const { email } = user
-
       if (
         newUsers.find(x => x.email === email) ||
         currentUserEmails.includes(email)
-      )
+      ) {
         continue
-
+      }
       newUsers.push(user)
     }
 
-    if (!newUsers.length)
+    if (!newUsers.length) {
       notifications.info("Duplicated! There is no new users to add.")
+    }
     return { ...userData, users: newUsers }
   }
 
@@ -266,7 +267,6 @@
     try {
       await groups.actions.init()
       groupsLoaded = true
-
       pendingInvites = await users.getInvites()
       invitesLoaded = true
     } catch (error) {
diff --git a/packages/builder/src/stores/portal/users.js b/packages/builder/src/stores/portal/users.js
index 3ee0516544..5da5d4038d 100644
--- a/packages/builder/src/stores/portal/users.js
+++ b/packages/builder/src/stores/portal/users.js
@@ -3,6 +3,7 @@ import { API } from "api"
 import { update } from "lodash"
 import { licensing } from "."
 import { sdk } from "@budibase/shared-core"
+import { Constants } from "@budibase/frontend-core"
 
 export function createUsersStore() {
   const { subscribe, set } = writable({})
@@ -77,6 +78,9 @@ export function createUsersStore() {
         case "developer":
           body.builder = { global: true }
           break
+        case "creator":
+          body.builder = { creator: true, global: false }
+          break
         case "admin":
           body.admin = { global: true }
           body.builder = { global: true }
@@ -120,12 +124,18 @@ export function createUsersStore() {
     return await API.removeAppBuilder({ userId, appId })
   }
 
-  const getUserRole = user =>
-    sdk.users.isAdmin(user)
-      ? "admin"
-      : sdk.users.isBuilder(user)
-      ? "developer"
-      : "appUser"
+  const getUserRole = user => {
+    if (sdk.users.isAdmin(user)) {
+      return Constants.BudibaseRoles.Admin
+    } else if (sdk.users.isBuilder(user)) {
+      return Constants.BudibaseRoles.Developer
+    } else if (sdk.users.hasCreatorPermissions(user)) {
+      return Constants.BudibaseRoles.Creator
+    } else {
+      return Constants.BudibaseRoles.AppUser
+    }
+  }
+
   const refreshUsage =
     fn =>
     async (...args) => {
diff --git a/packages/client/src/components/app/forms/RelationshipField.svelte b/packages/client/src/components/app/forms/RelationshipField.svelte
index 41a071686e..fcdc93020e 100644
--- a/packages/client/src/components/app/forms/RelationshipField.svelte
+++ b/packages/client/src/components/app/forms/RelationshipField.svelte
@@ -1,6 +1,6 @@
 <script>
   import { CoreSelect, CoreMultiselect } from "@budibase/bbui"
-  import { fetchData } from "@budibase/frontend-core"
+  import { fetchData, Utils } from "@budibase/frontend-core"
   import { getContext } from "svelte"
   import Field from "./Field.svelte"
   import { FieldTypes } from "../../../constants"
@@ -108,7 +108,7 @@
     }
   }
 
-  $: fetchRows(searchTerm, primaryDisplay, defaultValue)
+  $: debouncedFetchRows(searchTerm, primaryDisplay, defaultValue)
 
   const fetchRows = async (searchTerm, primaryDisplay, defaultVal) => {
     const allRowsFetched =
@@ -124,10 +124,22 @@
         query: { equal: { _id: defaultVal } },
       })
     }
+
+    // Ensure we match all filters, rather than any
+    const baseFilter = (filter || []).filter(x => x.operator !== "allOr")
     await fetch.update({
-      query: { string: { [primaryDisplay]: searchTerm } },
+      filter: [
+        ...baseFilter,
+        {
+          // Use a big numeric prefix to avoid clashing with an existing filter
+          field: `999:${primaryDisplay}`,
+          operator: "string",
+          value: searchTerm,
+        },
+      ],
     })
   }
+  const debouncedFetchRows = Utils.debounce(fetchRows, 250)
 
   const flatten = values => {
     if (!values) {
diff --git a/packages/frontend-core/src/api/user.js b/packages/frontend-core/src/api/user.js
index 95c2167721..3a815b768e 100644
--- a/packages/frontend-core/src/api/user.js
+++ b/packages/frontend-core/src/api/user.js
@@ -214,15 +214,23 @@ export const buildUserEndpoints = API => ({
   inviteUsers: async users => {
     return await API.post({
       url: "/api/global/users/multi/invite",
-      body: users.map(user => ({
-        email: user.email,
-        userInfo: {
-          admin: user.admin ? { global: true } : undefined,
-          builder: user.admin || user.builder ? { global: true } : undefined,
-          userGroups: user.groups,
-          roles: user.apps ? user.apps : undefined,
-        },
-      })),
+      body: users.map(user => {
+        let builder = undefined
+        if (user.admin || user.builder) {
+          builder = { global: true }
+        } else if (user.creator) {
+          builder = { creator: true }
+        }
+        return {
+          email: user.email,
+          userInfo: {
+            admin: user.admin ? { global: true } : undefined,
+            builder,
+            userGroups: user.groups,
+            roles: user.apps ? user.apps : undefined,
+          },
+        }
+      }),
     })
   },
 
diff --git a/packages/frontend-core/src/constants.js b/packages/frontend-core/src/constants.js
index 344326065a..44199ae891 100644
--- a/packages/frontend-core/src/constants.js
+++ b/packages/frontend-core/src/constants.js
@@ -20,42 +20,31 @@ export const TableNames = {
 export const BudibaseRoles = {
   AppUser: "appUser",
   Developer: "developer",
+  Creator: "creator",
   Admin: "admin",
 }
 
 export const BudibaseRoleOptionsOld = [
-  { label: "Developer", value: BudibaseRoles.Developer },
-  { label: "Member", value: BudibaseRoles.AppUser },
-  { label: "Admin", value: BudibaseRoles.Admin },
+  {
+    label: "Developer",
+    value: BudibaseRoles.Developer,
+  },
 ]
 export const BudibaseRoleOptions = [
-  { label: "Member", value: BudibaseRoles.AppUser },
-  { label: "Admin", value: BudibaseRoles.Admin },
-]
-
-export const BudibaseRoleOptionsNew = [
   {
-    label: "Admin",
-    value: "admin",
+    label: "Account admin",
+    value: BudibaseRoles.Admin,
     subtitle: "Has full access to all apps and settings in your account",
   },
   {
-    label: "Member",
-    value: "appUser",
-    subtitle: "Can only view apps they have access to",
+    label: "Creator",
+    value: BudibaseRoles.Creator,
+    subtitle: "Can create and edit apps they have access to",
   },
-]
-
-export const BuilderRoleDescriptions = [
   {
+    label: "App user",
     value: BudibaseRoles.AppUser,
-    icon: "User",
-    label: "App user - Only has access to published apps",
-  },
-  {
-    value: BudibaseRoles.Admin,
-    icon: "Draw",
-    label: "Admin - Full access",
+    subtitle: "Can only use published apps they have access to",
   },
 ]
 
diff --git a/packages/pro b/packages/pro
index 5e3d59fc40..1037b032d4 160000
--- a/packages/pro
+++ b/packages/pro
@@ -1 +1 @@
-Subproject commit 5e3d59fc4060fd44b14b2599269c207753d4e5be
+Subproject commit 1037b032d49244678204704d1bca779a29e395eb
diff --git a/packages/server/src/api/controllers/application.ts b/packages/server/src/api/controllers/application.ts
index 4e4c66858e..b2b7a3e5cb 100644
--- a/packages/server/src/api/controllers/application.ts
+++ b/packages/server/src/api/controllers/application.ts
@@ -51,6 +51,7 @@ import {
 import { BASE_LAYOUT_PROP_IDS } from "../../constants/layouts"
 import sdk from "../../sdk"
 import { builderSocket } from "../../websockets"
+import { sdk as sharedCoreSDK } from "@budibase/shared-core"
 
 // utility function, need to do away with this
 async function getLayouts() {
@@ -394,6 +395,12 @@ async function appPostCreate(ctx: UserCtx, app: App) {
       }
     }
   }
+
+  // If the user is a creator, we need to give them access to the new app
+  if (sharedCoreSDK.users.hasCreatorPermissions(ctx.user)) {
+    const user = await users.UserDB.getUser(ctx.user._id!)
+    await users.addAppBuilder(user, app.appId)
+  }
 }
 
 export async function create(ctx: UserCtx) {
diff --git a/packages/server/src/api/routes/application.ts b/packages/server/src/api/routes/application.ts
index a21d6a2153..babcb1b44b 100644
--- a/packages/server/src/api/routes/application.ts
+++ b/packages/server/src/api/routes/application.ts
@@ -16,7 +16,7 @@ router
   )
   .post(
     "/api/applications",
-    authorized(permissions.GLOBAL_BUILDER),
+    authorized(permissions.CREATOR),
     applicationValidator(),
     controller.create
   )
diff --git a/packages/server/src/middleware/authorized.ts b/packages/server/src/middleware/authorized.ts
index 06d7da9055..cba765a887 100644
--- a/packages/server/src/middleware/authorized.ts
+++ b/packages/server/src/middleware/authorized.ts
@@ -5,7 +5,7 @@ import {
   roles,
   users,
 } from "@budibase/backend-core"
-import { PermissionLevel, PermissionType, Role, UserCtx } from "@budibase/types"
+import { PermissionLevel, PermissionType, UserCtx } from "@budibase/types"
 import builderMiddleware from "./builder"
 import { isWebhookEndpoint } from "./utils"
 import { paramResource } from "./resourceId"
@@ -31,13 +31,20 @@ const checkAuthorized = async (
 ) => {
   const appId = context.getAppId()
   const isGlobalBuilderApi = permType === PermissionType.GLOBAL_BUILDER
+  const isCreatorApi = permType === PermissionType.CREATOR
   const isBuilderApi = permType === PermissionType.BUILDER
-  const globalBuilder = users.isGlobalBuilder(ctx.user)
-  let isBuilder = appId
+  const isGlobalBuilder = users.isGlobalBuilder(ctx.user)
+  const isCreator = users.isCreator(ctx.user)
+  const isBuilder = appId
     ? users.isBuilder(ctx.user, appId)
     : users.hasBuilderPermissions(ctx.user)
-  // check if this is a builder api and the user is not a builder
-  if ((isGlobalBuilderApi && !globalBuilder) || (isBuilderApi && !isBuilder)) {
+
+  // check api permission type against user
+  if (
+    (isGlobalBuilderApi && !isGlobalBuilder) ||
+    (isCreatorApi && !isCreator) ||
+    (isBuilderApi && !isBuilder)
+  ) {
     return ctx.throw(403, "Not Authorized")
   }
 
@@ -148,6 +155,7 @@ const authorized =
     // to find API endpoints which are builder focused
     if (
       permType === PermissionType.BUILDER ||
+      permType === PermissionType.CREATOR ||
       permType === PermissionType.GLOBAL_BUILDER
     ) {
       await builderMiddleware(ctx)
diff --git a/packages/shared-core/src/sdk/documents/users.ts b/packages/shared-core/src/sdk/documents/users.ts
index b58994aa46..1aaf44ff7c 100644
--- a/packages/shared-core/src/sdk/documents/users.ts
+++ b/packages/shared-core/src/sdk/documents/users.ts
@@ -25,6 +25,10 @@ export function isGlobalBuilder(user: User | ContextUser): boolean {
   return (isBuilder(user) && !hasAppBuilderPermissions(user)) || isAdmin(user)
 }
 
+export function canCreateApps(user: User | ContextUser): boolean {
+  return isGlobalBuilder(user) || hasCreatorPermissions(user)
+}
+
 // alias for hasAdminPermission, currently do the same thing
 // in future whether someone has admin permissions and whether they are
 // an admin for a specific resource could be separated
@@ -66,7 +70,7 @@ export function hasAppCreatorPermissions(user?: User | ContextUser): boolean {
   return _.flow(
     _.get("roles"),
     _.values,
-    _.find(x => ["CREATOR", "ADMIN"].includes(x)),
+    _.find(x => x === "CREATOR"),
     x => !!x
   )(user)
 }
@@ -76,7 +80,11 @@ export function hasBuilderPermissions(user?: User | ContextUser): boolean {
   if (!user) {
     return false
   }
-  return user.builder?.global || hasAppBuilderPermissions(user)
+  return (
+    user.builder?.global ||
+    hasAppBuilderPermissions(user) ||
+    hasCreatorPermissions(user)
+  )
 }
 
 // checks if a user is capable of being an admin
@@ -87,13 +95,21 @@ export function hasAdminPermissions(user?: User | ContextUser): boolean {
   return !!user.admin?.global
 }
 
+export function hasCreatorPermissions(user?: User | ContextUser): boolean {
+  if (!user) {
+    return false
+  }
+  return !!user.builder?.creator
+}
+
 export function isCreator(user?: User | ContextUser): boolean {
   if (!user) {
     return false
   }
   return (
-    isGlobalBuilder(user) ||
+    isGlobalBuilder(user!) ||
     hasAdminPermissions(user) ||
+    hasCreatorPermissions(user) ||
     hasAppBuilderPermissions(user) ||
     hasAppCreatorPermissions(user)
   )
diff --git a/packages/types/src/documents/global/user.ts b/packages/types/src/documents/global/user.ts
index 9769661cd5..337855787f 100644
--- a/packages/types/src/documents/global/user.ts
+++ b/packages/types/src/documents/global/user.ts
@@ -44,6 +44,7 @@ export interface User extends Document {
   builder?: {
     global?: boolean
     apps?: string[]
+    creator?: boolean
   }
   admin?: {
     global: boolean
diff --git a/packages/types/src/sdk/permissions.ts b/packages/types/src/sdk/permissions.ts
index c855bbd219..638de97f48 100644
--- a/packages/types/src/sdk/permissions.ts
+++ b/packages/types/src/sdk/permissions.ts
@@ -13,6 +13,7 @@ export enum PermissionType {
   AUTOMATION = "automation",
   WEBHOOK = "webhook",
   BUILDER = "builder",
+  CREATOR = "creator",
   GLOBAL_BUILDER = "globalBuilder",
   QUERY = "query",
   VIEW = "view",
diff --git a/packages/worker/src/api/controllers/global/roles.ts b/packages/worker/src/api/controllers/global/roles.ts
index 7b9ce74e3e..e1a3130924 100644
--- a/packages/worker/src/api/controllers/global/roles.ts
+++ b/packages/worker/src/api/controllers/global/roles.ts
@@ -51,10 +51,22 @@ export async function removeAppRole(ctx: Ctx) {
   const users = await sdk.users.db.allUsers()
   const bulk = []
   const cacheInvalidations = []
+  const prodAppId = dbCore.getProdAppID(appId)
   for (let user of users) {
-    if (user.roles[appId]) {
-      cacheInvalidations.push(cache.user.invalidateUser(user._id))
-      delete user.roles[appId]
+    let updated = false
+    if (user.roles[prodAppId]) {
+      cacheInvalidations.push(cache.user.invalidateUser(user._id!))
+      delete user.roles[prodAppId]
+      updated = true
+    }
+    if (user.builder && Array.isArray(user.builder?.apps)) {
+      const idx = user.builder.apps.indexOf(prodAppId)
+      if (idx !== -1) {
+        user.builder.apps.splice(idx, 1)
+        updated = true
+      }
+    }
+    if (updated) {
       bulk.push(user)
     }
   }