Admin & security
RBAC & roles.
Five roles, scoped to workspace and run. Least privilege by default.
Five roles ship: owner, admin, operator, reviewer, viewer. The matrix is short enough to fit on one page so we put it on one page.
| Capability | Owner | Admin | Operator | Reviewer | Viewer |
|---|---|---|---|---|---|
| Manage billing | ✓ | ||||
| Manage users | ✓ | ✓ | |||
| Manage providers / keys | ✓ | ✓ | |||
| Edit packs and prompts | ✓ | ✓ | ✓ | ||
| Run pipeline | ✓ | ✓ | ✓ | ||
| Approve drafts | ✓ | ✓ | ✓ | ✓ | |
| Read run reports | ✓ | ✓ | ✓ | ✓ | ✓ |
Custom roles
Available on Enterprise. Capabilities are addressable through the API; REST endpoints for the admin scope are documented.