Organization and workspace roles
AI Hub uses roles to manage members’ permissions across the organization and in shared workspaces.
About organization and workspace roles
Roles and their associated permissions can be assigned at the organization level and at the workspace level. Organization roles affect access and permissions for tasks performed at the organization level, such as managing organization settings. The following organization roles can be assigned:
-
Member — This role is the default for all organization members. Members have limited administrative permissions and access at the organization level.
-
Admin — Admins have wide-ranging permissions and access, including access to all organization workspaces—both personal and shared—and the ability to perform all administrative tasks. Admins are also included in all workspace members lists, with the Admin role. Only admins can assign other members as admins. The first organization admin is either designated when an organization is created, or is the member who created the organization.
Minimize the number of admins in an organization. Instead, use workspace roles to grant workspace permissions as needed, and limit such extensive, organization-wide access to only those who need it.
Workspace roles are granted within the context of workspaces and assigned on a workspace-by-workspace basis, meaning someone can have a different workspace role across multiple workspaces. Workspace roles can be assigned to members or to groups, which are subsets of organization members. The following workspace roles can be assigned:
-
Developer — This role is the default for all workspace members. The Developer role has the fewest administrative permissions at the workspace level.
-
Workspace manager — Workspace managers have greater administrative permissions, though these permissions are limited to the workspace they’re assigned to manage.
Permissions overview
The following tables provide an overview of organization and workspace roles and their permissions related to common tasks. (Group roles aren’t included because they confer no permissions outside of the group context.) While each row is listed as a separate permission, specific permissions can’t be individually granted or restricted. If a member is assigned a given organization or workspace role, they’re granted all associated permissions. The tasks and permissions listed aren’t comprehensive and instead highlight commonly used or notable functionality.
Organization administration
Organization administration tasks include managing organization members and all organization settings. These tasks are governed by organization roles.
Workspace administration
Workspace administration tasks include managing workspace members and all workspace settings. These tasks are governed by workspace roles, with each workspace role applying only to the assigned workspace.
Automation projects and apps
For automation project-related permissions, members’ permissions are restricted to the workspaces they’re assigned to. For example, members can’t create projects in or move projects to workspaces they can’t access. In general, app-related permissions aren’t bound by workspace access as, after an app is published and shared with the organization, any member can access and run it.
Deployments
For deployment-related permissions, members’ permissions are restricted to the workspaces they’re assigned to. For example, members can’t view deployments created in workspaces they can’t access.
Human review
For human review-related permissions, members’ permissions are restricted to the workspaces they’re assigned to. For example, a workspace manager can’t edit the service-level agreement for a deployment created in a workspace they can’t access.
Conversations and chatbots
For conversation-related permissions, as conversations can be created only in personal workspaces, most functionality isn’t available to other organization members. Admins, however, can access all personal workspaces and view conversations and other assets within. For chatbot-related permissions, most features and functionality beyond using the chatbot are limited to the chatbot creator. For example, regardless of role, organization members can’t view analytics or feedback for chatbots created by another member.
Assigning organization roles
Admins can assign organization roles, including assigning other organization admins.
-
In the header, click the initials icon and select Settings.
-
Click Members to open the organization members list.
-
In the member’s row, click the Edit icon.
-
Select a new role from the Role field.
-
Click Save.
is_admin
attribute. If assigning admins this way, you can still manually assign the Admin role. However, the is_admin
attribute takes precedence and the member’s admin status resets at next login based on how the attribute is defined.Assigning workspace roles
Admins and workspace managers can assign workspace roles, including assigning other workspace managers. Workspace roles can be assigned to individual workspace members or to groups that have been assigned to the workspace. Roles assigned to a group apply to all group members.
-
In the header, click the initials icon and select Settings.
-
Click Workspaces, then select the workspace.
-
In the member or group’s row, click the Edit icon.
-
Click the role dropdown, then select a role.
-
Click Save.
Or, assign workspace roles in Workspaces.
-
In Workspaces, select the workspace.
-
Click Members, then locate the member or group in the members list.
-
Click the role dropdown, then select a role.