| Role | Description |
|---|---|
| Admin | Full control over the workspace, its settings, and content. |
| Member | Can create and modify content but cannot manage workspace settings or members. |
| Member Restricted | Same as Member, but cannot view data. |
| Viewer | Read-only access. Cannot create, modify, or delete anything. |
When to use each role
- Admin: workspace owners and administrators who need full control over settings, members, and integrations.
- Member: engineers and data scientists who create and manage projects, tests, and data.
- Member Restricted: contractors or external collaborators who need creation capabilities without access to sensitive data.
- Viewer: stakeholders, executives, or auditors who need visibility without modification rights.
Permission matrix
| Permission | Admin | Member | Member Restricted | Viewer |
|---|---|---|---|---|
| View data | ✓ | ✓ | ✗ | ✓ |
| Export data | ✓ | ✓ | ✓ | ✗ |
| Run inference | ✓ | ✓ | ✓ | ✗ |
| Create projects | ✓ | ✓ | ✓ | ✗ |
| Update projects | ✓ | ✗ | ✗ | ✗ |
| Delete projects | ✓ | ✗ | ✗ | ✗ |
| Create inference pipelines | ✓ | ✓ | ✓ | ✗ |
| Delete inference pipelines | ✓ | ✗ | ✗ | ✗ |
| Pause inference pipelines | ✓ | ✗ | ✗ | ✗ |
| Create frameworks | ✓ | ✓ | ✓ | ✗ |
| Update frameworks | ✓ | ✗ | ✗ | ✗ |
| Delete frameworks | ✓ | ✗ | ✗ | ✗ |
| Create rules / rule tags | ✓ | ✓ | ✓ | ✗ |
| Update rules / rule tags | ✓ | ✗ | ✗ | ✗ |
| Delete rules / rule tags | ✓ | ✗ | ✗ | ✗ |
| Create goals (tests) | ✓ | ✓ | ✓ | ✗ |
| Update goals | ✓ | ✓ | ✓ | ✗ |
| Create commits | ✓ | ✓ | ✓ | ✗ |
| Create comments | ✓ | ✓ | ✓ | ✗ |
| Create / update / delete environment variables | ✓ | ✗ | ✗ | ✗ |
| View environment variables | ✓ | ✓ | ✓ | ✓ |
| Create / update / delete access groups | ✓ | ✗ | ✗ | ✗ |
| View access groups | ✓ | ✓ | ✓ | ✓ |
| Invite members | ✓ | ✗ | ✗ | ✗ |
| Remove members | ✓ | ✗ | ✗ | ✗ |
| Update member roles | ✓ | ✗ | ✗ | ✗ |
| Update workspace | ✓ | ✗ | ✗ | ✗ |
| Delete workspace | ✓ | ✗ | ✗ | ✗ |
| Manage SAML SSO | ✓ | ✗ | ✗ | ✗ |
| Connect Slack | ✓ | ✗ | ✗ | ✗ |
| View billing | ✓ | ✗ | ✗ | ✗ |
| View metric settings | ✓ | ✓ | ✓ | ✓ |
| View LLM evaluator | ✓ | ✓ | ✓ | ✓ |
| View notification settings | ✓ | ✗ | ✗ | ✓ |
FAQ
Are permissions enforced at the project level too?
Are permissions enforced at the project level too?
Yes. Permissions are enforced at both the workspace and project levels.
Access groups can provide additional
project-level control.
Can a project owner bypass their workspace role?
Can a project owner bypass their workspace role?
Yes. Project owners have full permissions for their projects, regardless of
their workspace role.
Can Member Restricted users still access data indirectly?
Can Member Restricted users still access data indirectly?
Yes. Member Restricted users cannot view data directly, but they can still
export data and run inference, which may expose data indirectly. Keep this
in mind when assigning this role.