User Management Documentation
This document outlines the role-based access control (RBAC) framework for our platform. The goal is to ensure that users have the proper level of access—whether to account-level settings or to project-specific screens—while simplifying role management with a single set of account-level roles.
Overview
Our platform distinguishes five account-level roles that govern what users can see and do:
1. Owner
2. Account Admin
3. Project Admin
4. Project Editor
5. Project Viewer
The first two roles (Owner and Account Admin) provide access to all projects and settings across the entire account. The last three roles limit the user’s actions within projects to which they have been granted access.
All prior roles that do not match this structure are removed, and existing users will have their roles automatically backfilled (migrated) to one of these five options based on their previous permissions.
Roles & Permissions
1. Owner
- Definition: The user who first creates the account.
- Permissions:
  - Unrestricted access to all account settings, screens, and projects.
  - Cannot have their role changed—this role is automatically assigned at account creation.
- Key Point: The Owner role is unique and cannot be manually assigned to any other new or existing user.
2. Account Admin
- Definition: A user granted full administrative control across the account.
- Permissions:
  - Complete access to all settings, screens, and all projects.
  - The project selector is disabled, accompanied by the message “Account admins can access all projects.”
- Key Point: Like the Owner, Account Admins have blanket permissions across all account projects.
3. Project Admin
- Definition: A user responsible for managing project-specific settings and configurations.
- Permissions:
  - Access to all settings and administration screens for projects the user is assigned to.
  - Although previously thought of as “per project,” the Project Admin role now applies uniformly across every project the user is granted access to.
  - Can be assigned additional roles on other projects as needed (e.g., if future changes allow more granular control).
- Key Point: Project Admins see only the projects to which they belong in their project selector and Manage Projects screen, keeping their dashboard focused on relevant data.
4. Project Editor
- Definition: A user with editing capabilities within projects.
- Permissions:
  - Access to all screens available to a Project Admin with the following exceptions:
    - Cannot access the Models and Workspace screens.
  - This role applies to all projects the user is associated with.
- Key Point: Provides a “middle” level of control—enough to update content and modify settings without the full administrative privileges.
5. Project Viewer
- Definition: A user with view-only privileges.
- Permissions:
  - Can only access the Home and Interact screens on the dashboard.
  - Visibility across all projects the user is granted access to, without permission to modify settings.
- Key Point: Ideal for users who need to monitor project activity without making changes.
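A deny-by-default check for the five roles described above, added here as an illustration and not the platform's own code. The screen list is limited to the screens this document names, and the rule that only Owner and Account Admin may change another user's role is an assumption.

```python
from dataclasses import dataclass
from enum import Enum

class Role(Enum):
    OWNER = "Owner"
    ACCOUNT_ADMIN = "Account Admin"
    PROJECT_ADMIN = "Project Admin"
    PROJECT_EDITOR = "Project Editor"
    PROJECT_VIEWER = "Project Viewer"

# Only the screens named in this document; the real screen list is an assumption.
ALL_SCREENS = frozenset({"Home", "Interact", "Models", "Workspace", "Manage Projects"})
ACCOUNT_WIDE = frozenset({Role.OWNER, Role.ACCOUNT_ADMIN})

# Per-role allow-list: a screen that is not listed is denied.
SCREENS = {
    Role.OWNER: ALL_SCREENS,
    Role.ACCOUNT_ADMIN: ALL_SCREENS,
    Role.PROJECT_ADMIN: ALL_SCREENS,
    Role.PROJECT_EDITOR: ALL_SCREENS - {"Models", "Workspace"},
    Role.PROJECT_VIEWER: frozenset({"Home", "Interact"}),
}

@dataclass
class User:
    name: str
    role: Role
    projects: frozenset = frozenset()  # ignored for account-wide roles

def can_access(user, project, screen):
    """Deny by default: screen must be allow-listed and the project in scope."""
    if screen not in SCREENS.get(user.role, frozenset()):
        return False
    return user.role in ACCOUNT_WIDE or project in user.projects

def visible_projects(user, account_projects):
    """Projects listed in the project selector and Manage Projects screen."""
    if user.role in ACCOUNT_WIDE:
        return set(account_projects)
    return set(account_projects) & set(user.projects)

def change_role(actor, target, new_role):
    """Owner is fixed at account creation: never reassigned, never granted."""
    # Assumption: only account-wide roles may edit another user's role.
    if target.role is Role.OWNER or new_role is Role.OWNER:
        raise PermissionError("Owner role cannot be changed or assigned")
    if actor.role not in ACCOUNT_WIDE:
        raise PermissionError("only account-level roles manage users")
    target.role = new_role
```

Checking the screen allow-list before the project scope means an unknown screen name is refused even for the Owner, so a newly added screen stays closed until it is explicitly granted to a role.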
User Management Screens & Design Considerations
To support this unified role structure, the design of our user management interface has been adjusted as follows:
- Simplified Role Selection:
  When adding or editing a user, the administrator will select from the five defined roles. Legacy roles have been removed, and appropriate backfill will occur for existing user records.
- Project Selector Behavior:
  - For Owner and Account Admin roles, the project selector is disabled (with a clear indication that these roles confer access to all projects).
  - For Project Admin, Project Editor, and Project Viewer, the project selector is active and lists only the projects the user can access.
- Dashboard & Navigation:
  - Owner and Account Admin users see all projects.
  - Project Admin users see only their assigned projects on the dashboard and in the Manage Projects screen.
- Backfill Process:
  Any user previously set as a “Project User” or any role outside of these five will be automatically mapped based on their access rights:
  - Users with full account access will be backfilled as Account Admins.
  - Those with restricted project-specific actions will be mapped to Project Admin, Editor, or Viewer based on their historical permissions.
Implementation & Future Considerations
- Immediate Rollout:
  The new roles are effective immediately. There is no per-project role differentiation; all roles are applied account-wide.
- Scalability:
  While we have streamlined role management into a single hierarchy, the architecture is designed to scale. Future enhancements may reintroduce project-specific roles if needed, but the current model maintains consistency and simplifies user experience.
- User Migration:
  Existing users will be migrated to one of these five roles. The mapping will be based on their previously assigned permissions to ensure minimal disruption to workflow or access.
Conclusion
This new RBAC framework streamlines user management by consolidating roles into five clearly defined account-level groups. It guarantees that each user has access aligned with their responsibilities—ranging from complete control (Owner, Account Admin) to view-only capabilities (Project Viewer)—while simplifying the user management interface. These changes are designed to enhance security, clarity, and ease-of-use for administrators across the platform.
For any further inquiries regarding role management, please contact our support team at [email protected]